IBM Support

QRadar: Search QRadar logs using the User Interface.

Question & Answer


Question

Can you search system information that is logged in QRadar logs using the User Interface?

Answer

You can search QRadar logs by using filters on the Log Activity tab. The logs you can search are:

  • System Notification-2, which corresponds to qradar.log.
  • SIM Audit-2, which shows backend activity.

To search qradar.log from the User Interface:
  1. Log in to the QRadar User Interface.
  2. Click Log Activity.
  3. Click Add Filter > Log Source [Indexed] > Equals > System Notification-2.
  4. Click Add Filter.
  5. From View, select an option for the time interval.

Results: You can now search qradar.log from the Log Activity tab.


To search the Audit logs from the User Interface:
  1. Log in to the QRadar User Interface.
  2. Click the Log Activity tab.
  3. Click Add Filter > Log Source [Indexed] > Equals > SIM Audit-2.
  4. Click Add Filter.
  5. From View, select an option for the time interval.

Results: You can now search QRadar's Audit log from the Log Activity tab.



Document Information

Modified date: 16 June 2018

UID: swg21995147