ibm.qradar.log_source_management – Manage Log Sources in QRadar
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ibm.qradar.
To use it in a playbook, specify: ibm.qradar.log_source_management.
New in version 1.0.0: of ibm.qradar
Synopsis
- This module allows for addition, deletion, or modification of Log Sources in QRadar
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| description
string / required
|
Description of log source
|
|
| identifier
string / required
|
Log Source Identifier (Typically IP Address or Hostname of log source)
|
|
| name
string / required
|
Name of Log Source
|
|
| protocol_type_id
integer
|
Type of protocol by id, as defined in QRadar Log Source Types Documentation
|
|
| state
string / required
|
|
Add or remove a log source.
|
| type_id
integer
|
Type of resource by id, as defined in QRadar Log Source Types Documentation
|
|
| type_name
string
|
Type of resource by name
|
Notes
Note
- Either
typeortype_idis required
Examples
- name: Add a snort log source to IBM QRadar
ibm.qradar.log_source_management:
name: "Snort logs"
type_name: "Snort Open Source IDS"
state: present
description: "Snort IDS remote logs from rsyslog"
identifier: "192.168.1.101"
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ibm/qradar/log_source_management_module.html