Question & Answer
Question
Can you search system information that is logged in QRadar logs using the User Interface?
Answer
You can search QRadar logs using Log Activity and filters. The logs you can search are:
- System Notification-2, which corresponds to qradar.log.
- SIM Audit-2, which shows backend activity.
To search the system notification logs from the user interface:
- Log in to the QRadar User Interface.
- Click the Log Activity tab.
- Click Add Filter > Log Source [Indexed] > Equals > System Notification-2.
- Click Add Filter.
- From the View list, select an option for the time interval.
To search the audit logs from the user interface:
- Log in to the QRadar User Interface.
- Click the Log Activity tab.
- Click Add Filter > Log Source [Indexed] > Equals > SIM Audit-2.
- Click Add Filter.
- From the View list, select an option for the time interval.
Document Information
Modified date:
16 June 2018
UID
swg21995147