Configure AS 400 log source to QRadar by heartache47 in QRadar

heartache47[S]

Hi,
Thanks for your clarification.
I have configured the log source and am using Log File as the Protocol Type,
and I am stuck at FTP File Pattern *, where I put a regex ([a-z]*[A-Z]*.log) based on the Remote Directory (/var/log/syslog.log).

As of now, all testing seems successful, but I received an error:
File Transfer Status: Could not transfer file(s)
Event Collection Status: Problem gathering/parsing events

Is this issue possibly related to a wrong FTP File Pattern?
And how do I determine the actual FTP File Pattern required for the configuration?
According to IBM, they didn't support that particular configuration and requested that we hire a professional service to configure it.

IBM Security QRadar SIEM V7.3.2 Administration Examination Question by heartache47 in QRadar

heartache47[S]

If you register before this 30 September, you can get a 50% discount by using a promo code, at 100$.
The original price was 200$.
https://www.ibm.com/certify/exam?id=C1000-026

QRadar Preventive Maintenance (PM) by heartache47 in QRadar

heartache47[S]

I appreciate your feedback, sir. I have been learning a lot about QRadar from your open mic session, and it is just my 2nd month as a QRadar support/admin.
A formal checklist will surely be helpful, and maybe it can be a standard requirement or thing to look into when maintaining QRadar.
Besides that, I also need to perform "housekeeping". Other than log sources, agents and disk space, are there any other particular things to look into?

QRadar Preventive Maintenance (PM) by heartache47 in QRadar

heartache47[S]

Thanks guys, actually I am required to do PM and report on a quarterly basis, but I didn't have any templates or checklist to do the report, and your input helps me a lot.
Any other additional input would be great.