qradar

package module

v1.62.0 Latest Latest Go to latest Published: Oct 15, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/observiq/bindplane-agent

Links

Open Source Insights

README ¶

QRadaar Exporter

The QRadar Exporter is designed for forwarding logs to a QRadar instance using its Syslog endpoint. This exporter supports customization of data export types and various configuration options to tailor the connection and data handling to specific needs.

Minimum Agent Versions

Introduced: v1.61.0

Supported Pipelines

Logs

Configuration

Field	Type	Default Value	Required	Description
raw_log_field	string		`false`	The field name to send raw logs to QRadar.
syslog.endpoint	string	`127.0.0.1:10514`	`false`	The QRadar endpoint.
syslog.transport	string	`tcp`	`false`	The network protocol to use (e.g., `tcp`, `udp`).
syslog.tls.key_file	string		`false`	Configure the receiver to use TLS.
syslog.tls.cert_file	string		`false`	Configure the receiver to use TLS.

Raw Log Field

The raw log field is the field name that the exporter will use to send raw logs to QRadar. It is an OTTL expression that can be used to reference any field in the log record. If the field is not present in the log record, the exporter will not send the log to QRadar. The log record context can be viewed here: Log Record Context.

Example Configurations

Syslog Configuration Example

qradar:
  raw_log_field: body
  syslog:
    endpoint: "syslog.example.com:10514"
    network: "tcp"

Documentation ¶

Overview ¶

Package qradar exports OpenTelemetry data to an endpoint or file.

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewFactory ¶

func NewFactory() exporter.Factory

NewFactory creates a new QRadar exporter factory.

Types ¶

type Config ¶

type Config struct {
	exporterhelper.TimeoutConfig `mapstructure:",squash"`
	exporterhelper.QueueConfig   `mapstructure:"sending_queue"`
	configretry.BackOffConfig    `mapstructure:"retry_on_failure"`

	// Syslog is the configuration for the connection to QRadar.
	Syslog SyslogConfig `mapstructure:"syslog"`

	// RawLogField is the field name that will be used to send raw logs to QRadar.
	RawLogField string `mapstructure:"raw_log_field"`
}

Config defines configuration for the QRadar exporter.

func (*Config) Validate ¶

func (cfg *Config) Validate() error

Validate validates the QRadar exporter configuration.

type SyslogConfig ¶

type SyslogConfig struct {
	confignet.AddrConfig `mapstructure:",squash"`

	// TLSSetting struct exposes TLS client configuration.
	TLSSetting *configtls.ClientConfig `mapstructure:"tls"`
}

SyslogConfig defines configuration for QRadar connection.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
internal
metadata
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL