ibm.qradar.qradar_log_source_management – Manage Log Sources in QRadar
ibm.qradar.qradar_log_source_management – Manage Log Sources in QRadar
Note
This plugin is part of the ibm.qradar collection (version 1.0.3).
To install it use: ansible-galaxy collection install ibm.qradar
.
To use it in a playbook, specify: ibm.qradar.qradar_log_source_management
.
New in version 1.0.0: of ibm.qradar
Synopsis
- This module allows for addition, deletion, or modification of Log Sources in QRadar
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
description string / required |
Description of log source | |
identifier string / required |
Log Source Identifier (Typically IP Address or Hostname of log source) | |
name string / required |
Name of Log Source | |
protocol_type_id integer |
Type of protocol by id, as defined in QRadar Log Source Types Documentation | |
state string / required |
|
Add or remove a log source. |
type_id integer |
Type of resource by id, as defined in QRadar Log Source Types Documentation | |
type_name string |
Type of resource by name |
Notes
Note
- Either
type
ortype_id
is required
Examples
- name: Add a snort log source to IBM QRadar
ibm.qradar.log_source_management:
name: "Snort logs"
type_name: "Snort Open Source IDS"
state: present
description: "Snort IDS remote logs from rsyslog"
identifier: "192.168.1.101"
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ibm/qradar/qradar_log_source_management_module.html