ibm-qradar-services

IBM QRadar Syslog TLS Integration

Stable version 1.0.0 (Compatible with OutSystems 11)
Uploaded on 1 Nov (yesterday)
Documentation
1.0.0

Overview

The QRadar Syslog TLS Extension enables OutSystems applications to securely send log and audit events to IBM QRadar using Syslog over TLS (RFC 5425).
It ensures encrypted communication and compliance with enterprise SIEM integration requirements.

This component includes diagnostic capabilities for testing connectivity and validating TLS certificates before production use.


Installation

  1. Download and install the component from the OutSystems Forge.

  2. Open your OutSystems application in Service Studio.

  3. Go to Manage Dependencies → Add Dependency.

  4. Select QrSyslogTlsExt (extension) and check both Server Actions:

    • DiagnoseTlsConnect

    • SendOneTLS

  5. Click Apply to include these actions in your module.

  6. Publish your module.


Configuration Prerequisites

Before using this component, confirm the following with your IBM QRadar administrator:

  • QRadar FQDN: Example – logs-example.qradar.ibmcloud.com

  • Syslog TLS Port: Example – 6514

  • Firewall Egress: Ensure outbound TCP connectivity to the specified host and port.

  • Root Certificate: Verify the presence of a trusted root CA certificate (for example, DST Root CA X3 or your organization’s trusted CA).

In your application, you may define these as Site Properties or constants:

  • QRadar_Host

  • QRadar_Port

  • ConnectTimeoutMs

  • SendTimeoutMs


Available Server Actions


1. SendOneTLS

Sends a Syslog message over a secure TLS connection to the configured QRadar endpoint.

Parameter          Type      Description
Host               Text      QRadar endpoint hostname
Port               Integer   Syslog TLS port (e.g., 6514)
Message            Text      LEEF or Syslog formatted message
ConnectTimeoutMs   Integer   Connection timeout (in milliseconds)
SendTimeoutMs      Integer   Send timeout (in milliseconds)

Output:

  • Returns "OK" on successful transmission, or an error message on failure.


2. DiagnoseTlsConnect

Performs a connection and TLS handshake test with the configured host and port.

Output:
Detailed diagnostic text including:

  • Hostname and resolved IP addresses

  • Connection attempt status

  • TLS handshake result

  • Certificate subject, issuer, and validity period


Example Usage

Example Message:

LEEF:2.0|ExampleVendor|ExampleApp|1.0|event.code| sev=5    msg=Example log message    user=testUser    app=ExampleApp

Example Flow:

  1. Build your log message text (e.g., in a local variable).

  2. Use the SendOneTLS action from QrSyslogTlsExt.

  3. Pass your message and connection parameters.

  4. Optionally capture the response in a local variable and log it.
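What a message like the one above looks like on the wire under RFC 5425, as an added Python example (not the component's code; the extension's internals are not documented on this page). The function names are hypothetical, the gaps between attributes in the example message are assumed to be tabs (the LEEF default delimiter), and the sample values are constructed. Attribute values are cleaned of tab, CR and LF so that user-controlled text cannot split one event into several.

```python
import socket
import ssl
from datetime import datetime, timezone

def leef_event(vendor, product, version, event_id, attrs):
    """Build a LEEF 2.0 line laid out like the page's example (tab-delimited attributes)."""
    def clean(v, extra=""):
        # Replace characters that would break field boundaries or forge extra events.
        return "".join(" " if c in "\t\r\n" + extra else c for c in str(v))
    header = "|".join(clean(f, "|") for f in ("LEEF:2.0", vendor, product, version, event_id))
    return header + "|" + "\t".join(f"{clean(k, '=')}={clean(v)}" for k, v in attrs.items())

def rfc5424(msg, hostname, app, pri=134, now=None):
    """Wrap msg in an RFC 5424 header; PRI 134 = facility local0, severity info."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}"

def frame(syslog_msg):
    """RFC 5425 octet counting: decimal byte length, one space, then the message."""
    data = syslog_msg.encode("utf-8")
    return str(len(data)).encode("ascii") + b" " + data

def send_tls(host, port, payload, connect_timeout=5.0, send_timeout=5.0, cafile=None):
    """Send one frame; the certificate chain and hostname are verified by default."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=connect_timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.settimeout(send_timeout)
            tls.sendall(payload)
            cert = tls.getpeercert()
    return "OK", cert.get("subject"), cert.get("issuer"), cert.get("notAfter")

# Constructed sample: the user value carries an embedded newline and tab.
SAMPLE = leef_event("ExampleVendor", "ExampleApp", "1.0", "event.code",
                    {"sev": 5, "msg": "Example log message",
                     "user": "testUser\n<134>1 forged\tsev=1"})
```

To transmit, pass `frame(rfc5424(SAMPLE, hostname, app))` to `send_tls` with the host and port agreed with the QRadar administrator.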


Use Cases

  • Forwarding OutSystems operational or audit logs to IBM QRadar.

  • Real-time SIEM alerting and monitoring.

  • Security and compliance reporting.

  • Integration with enterprise log correlation workflows.


Requirements

  • IBM QRadar with Syslog over TLS input configured.

  • Network egress permissions to QRadar endpoint.