ibm.qradar.log_source_management module – Manage Log Sources in QRadar
Note
This module is part of the ibm.qradar collection (version 2.1.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ibm.qradar
.
To use it in a playbook, specify: ibm.qradar.log_source_management
.
New in ibm.qradar 1.0.0
DEPRECATED
- Removed in:
major release after 2024-09-01
- Why:
Newer and updated modules released with more functionality.
- Alternative:
qradar_log_sources_management
Synopsis
This module allows for addition, deletion, or modification of Log Sources in QRadar
Parameters
Parameter |
Comments |
---|---|
Description of log source |
|
Log Source Identifier (Typically IP Address or Hostname of log source) |
|
Name of Log Source |
|
Type of protocol by id, as defined in QRadar Log Source Types Documentation |
|
Add or remove a log source. Choices:
|
|
Type of resource by id, as defined in QRadar Log Source Types Documentation |
|
Type of resource by name |
Notes
Note
Either
type
ortype_id
is required
Examples
- name: Add a snort log source to IBM QRadar
ibm.qradar.log_source_management:
name: "Snort logs"
type_name: "Snort Open Source IDS"
state: present
description: "Snort IDS remote logs from rsyslog"
identifier: "192.168.1.101"
Status
This module will be removed in a major release after 2024-09-01. [deprecated]
For more information see DEPRECATED.