ibm.qradar.log_source_management – Manage Log Sources in QRadar

Note

This plugin is part of the ibm.qradar collection (version 1.0.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.qradar.

To use it in a playbook, specify: ibm.qradar.log_source_management.

New in version 1.0.0 of ibm.qradar

Synopsis

  • This module allows for addition, deletion, or modification of Log Sources in QRadar

Parameters

  • description (string / required): Description of log source
  • identifier (string / required): Log Source Identifier (typically IP address or hostname of log source)
  • name (string / required): Name of Log Source
  • protocol_type_id (integer): Type of protocol by id, as defined in QRadar Log Source Types Documentation
  • state (string / required): Add or remove a log source. Choices: present, absent
  • type_id (integer): Type of resource by id, as defined in QRadar Log Source Types Documentation
  • type_name (string): Type of resource by name

Notes

  • Either type_name or type_id is required

Examples

- name: Add a snort log source to IBM QRadar
  ibm.qradar.log_source_management:
    name: "Snort logs"
    type_name: "Snort Open Source IDS"
    state: present
    description: "Snort IDS remote logs from rsyslog"
    identifier: "192.168.1.101"
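
The playbook below is an added example, not part of the collection's documentation. It registers a list of sensors by type_id and protocol_type_id, then removes a decommissioned one by type_name. The host group qradar, the numeric ids, the sensor names and the addresses are constructed placeholders.

```yaml
---
- name: Reconcile QRadar log sources from an inventory list
  hosts: qradar              # assumed inventory group already set up to reach QRadar
  gather_facts: false
  vars:
    # Constructed placeholder ids: look up the real values in the
    # QRadar Log Source Types documentation before running.
    snort_type_id: 2
    syslog_protocol_type_id: 0
    # Constructed sample inventory of sensors that must be logging to QRadar.
    ids_sensors:
      - { name: "Snort dmz-1", identifier: "192.0.2.10" }
      - { name: "Snort dmz-2", identifier: "192.0.2.11" }
  tasks:
    - name: Ensure each IDS sensor is registered (type selected by id)
      ibm.qradar.log_source_management:
        name: "{{ item.name }}"
        identifier: "{{ item.identifier }}"
        description: "Snort IDS remote logs from rsyslog"
        type_id: "{{ snort_type_id }}"
        protocol_type_id: "{{ syslog_protocol_type_id }}"
        state: present
      loop: "{{ ids_sensors }}"

    - name: Remove a decommissioned sensor (type selected by name)
      ibm.qradar.log_source_management:
        # name, description and identifier are all marked required,
        # so they are supplied even when state is absent.
        name: "Snort lab-old"
        identifier: "192.0.2.99"
        description: "Decommissioned lab sensor"
        type_name: "Snort Open Source IDS"
        state: absent
```

Keeping the sensor list in version control gives a reviewable record of which hosts are expected to send logs, so a missing or removed log source shows up as a change rather than as silent loss of visibility.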

Authors