Testing Log Sources
In QRadar 7.3.2 Fix Pack 3 or later, test your log source configuration in the QRadar Log Source Management app to ensure that the parameters that you used are correct. The test runs from the host that you specify in the Target Event Collector setting, and can collect sample event data from the target system. The target system is the source of your event data.
If the Test tab doesn't appear for your log source, you can't test the configuration. In QRadar 7.3.2 Fix Pack 3 or later and QRadar Log Source Management app v5.0.0 or later, only a few protocols are updated to include test capabilities. Ensure that you install the latest version of your protocols to get the testing capability when it is available.
To download a Fix Pack, go to https://support.juniper.net/support/downloads/.
- In the QRadar Log Source Management app, select a log source.
- On the Log Source Summary pane, click the Test tab, then click Start Test.
If there is high network latency between the QRadar Console and the log source's Target Event Collector, it might take a moment for the results to appear.
When the test is successful, checkmarks are displayed next to each of the results and sample event information is generated. If the test is not successful, an X is displayed next to the result that failed, and no sample event information is generated. When one result fails, the test of the other results is canceled.
- If the test is not successful, click Edit to configure the parameter that caused the test to fail and test your log source again.
Click the drop-down arrow next to the failed result for more information about the error.
- Click the Download icon to view the test results.
- Click Close.
Protocols Available for Testing
In QRadar 7.3.2 Fix Pack 3 or later, and QRadar Log Source Management app 5.0.0 or later, some protocols are updated to include test capabilities. Ensure that you install the latest version of your protocols to get the testing capability when it is available.
The following protocols can be tested in the QRadar Log Source Management app:
- Amazon AWS S3 REST API
- Amazon Web Services
- Cisco Firepower eStreamer
- Google G Suite Activity Reports REST API
- Microsoft Azure Event Hubs
- Microsoft Graph Security API
- Microsoft Office 365
- Office 365 Message Trace REST API
- Okta REST API
- Oracle Database Listener
- VMware VCloud Director