TimDewar's Posts

I am looking for some help with forwarding Log Insight security events to IBM QRadar. The Log Insight documentation indicates that within the syslog data being forwarded there's a “_li_source_path” that contains the event's original source. Instead of all events showing as Log Insight as the source, QRadar would need to use the “_li_source_path” value as the source. Unfortunately, IBM does not have a native Log Insight parser module (DSM) to grab the “_li_source_path”, but a QRadar Log Source Extension (LSX) could be configured to do this. Does anybody have an LSX XML file that they can share? Thanks, Tim.