W3cubDocs

/Ansible 2.10

ibm.qradar.qradar_log_source_management – Manage Log Sources in QRadar

Note

This plugin is part of the ibm.qradar collection.

To install it use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.qradar_log_source_management.

New in version 1.0.0: of ibm.qradar

Synopsis

  • This module allows for addition, deletion, or modification of Log Sources in QRadar

Parameters

Parameter Choices/Defaults Comments
description
string / required
Description of log source
identifier
string / required
Log Source Identifier (Typically IP Address or Hostname of log source)
name
string / required
Name of Log Source
protocol_type_id
integer
Type of protocol by id, as defined in QRadar Log Source Types Documentation
state
string / required
    Choices:
  • present
  • absent
Add or remove a log source.
type_id
integer
Type of resource by id, as defined in QRadar Log Source Types Documentation
type_name
string
Type of resource by name

Notes

Note

  • Either type or type_id is required

Examples

- name: Add a snort log source to IBM QRadar
  ibm.qradar.log_source_management:
    name: "Snort logs"
    type_name: "Snort Open Source IDS"
    state: present
    description: "Snort IDS remote logs from rsyslog"
    identifier: "192.168.1.101"

Authors

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ibm/qradar/qradar_log_source_management_module.html