I am writing a .NET application that needs to send log information to an IBM logging system. Does anyone have any experience with this? Thanks. The IBM logging system is called QRadar.
What have you tried so far? Have you followed any tutorials or searched for examples? – wjl May 01 '14 at 19:26
Yes. I did search for tutorials and examples. QRadar is an IBM logging system that takes information in a LEEF Format. Found a third party tool that sends system logging information to an outside host. – user3593830 May 08 '14 at 19:35
1 Answer
Windows does not contain a standard application that is bundled to send syslog. The LEEF format is a specialized format of a standard syslog event.
QRadar has an application or protocols that could be used to either locally or remotely retrieve this file.
For example, you could use a WinCollect agent with the File Forwarder plug-in. WinCollect is a Windows-installable agent that can read events from the local system or remotely poll other Windows systems for their events. It creates name=value pairs and sends syslog events to QRadar. You could use the File Forwarder plug-in (which was just released) to accomplish this with a Universal DSM + Log Source Extension to properly parse and categorize your custom .NET events.
Alternately, you could write the LEEF events to a flat file. QRadar can import these with a protocol called the Log File protocol. This would not be real-time, but the file could be retrieved (FTP, SFTP, or SCP) every 15 minutes.
You should see the QRadar Customer Forum for a more specific answer to your question though.
http://www.ibm.com/developerworks/forums/category.jspa?categoryID=528

Thank you! I wrote the details in LEEF format and did use a file forwarder plug-in. This ended up being extremely simple and easy. – user3593830 Jun 05 '14 at 17:40
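An added example, not code from the answer above or from IBM: a small C# formatter for the flat-file approach the answer describes, assuming the LEEF 1.0 layout (pipe-delimited header followed by tab-separated key=value attributes). The class name, vendor and product strings, file name and sample values are hypothetical; the sanitizing step keeps untrusted values from injecting extra attributes or forged events into the log.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

// Added example: LeefWriter and every value below are hypothetical.
static class LeefWriter
{
    // Header fields and keys are pipe-delimited: drop '|' and control characters.
    static string HeaderField(string s) =>
        new string((s ?? "").Where(c => c != '|' && !char.IsControl(c)).ToArray());

    // Attributes are tab-delimited with one event per line: replace tab, CR, LF
    // and other control characters so a value cannot start a new attribute or event.
    static string AttrValue(string s) =>
        new string((s ?? "").Select(c => char.IsControl(c) ? ' ' : c).ToArray());

    public static string Format(string vendor, string product, string version,
                                string eventId, IDictionary<string, string> attrs)
    {
        var sb = new StringBuilder("LEEF:1.0|");
        foreach (var field in new[] { vendor, product, version, eventId })
            sb.Append(HeaderField(field)).Append('|');
        sb.Append(string.Join("\t", attrs.Select(kv =>
            HeaderField(kv.Key).Replace("=", "") + "=" + AttrValue(kv.Value))));
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample event; usrName carries a log-injection attempt.
        var attrs = new Dictionary<string, string>
        {
            ["usrName"] = "alice\tsev=1\nLEEF:1.0|Fake|Fake|1|999|",
            ["src"] = "192.0.2.10",
            ["sev"] = "5"
        };
        string line = Format("ExampleCorp", "OrdersApp", "1.0", "LoginFailure", attrs);

        // One event per line, in a flat file that a forwarder or a scheduled
        // file retrieval can pick up.
        File.AppendAllText("app-leef.log", line + Environment.NewLine,
                           new UTF8Encoding(false));
        Console.WriteLine(line);
    }
}
```

The injected tab and newline in `usrName` come out as spaces, so the event stays on one line with exactly three attributes.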