Push JIRA Logs in LEEF format


I am doing a Jira-QRadar integration wherein an issue update in JIRA will trigger an event in QRadar. QRadar only supports the LEEF format; can we push JIRA logs in LEEF format so that QRadar can interpret them in any way?

In addition to that, please suggest any functionality in JIRA, other than email notification, which will help us communicate to a third party that an update has occurred in JIRA.

I even tried webhooks, but they need to be supported by both applications (JIRA and QRadar).

2 answers

1 accepted

0 votes
Answer accepted

It's bad to start an answer with "I don't know", but I have to.  My instinct is to reconfigure JIRA's logging format so that it outputs something LEEF compatible.  I do know that it uses log4j and that there are simple-ish property files in JIRA that you can use to customise the log4j output quite heavily.  What I don't know is if there is a way to configure log4j to spit out LEEF.  If it can't, then I'm afraid the answer is "you'd have to rip out the logging system in JIRA and replace it".

Email and webhooks are the main ways to get JIRA to talk to other systems.  A third one is via application links, but the system on the other end has to understand them in full (so it's mostly only Atlassian stuff that does it).  I suspect you're going to need some code here.  First, you need to work out what QRadar can accept, and then you should be able to code post-functions or listeners that can talk to it over those routes.

Thanks Nic. QRadar accepts LEEF format logs; what I am trying to do is write a script (Groovy) which can generate a syslog event.

Any guidance?

That's not really going to work.  The Script Runner, while very clever, can only run scripts for certain things.  A lot of certain things, but it can't touch others.  Imagine, for example, you create a workflow transition.  JIRA will automatically place 5 post-functions on that, all system level functions, all with the potential to go wrong.  While you can add as many script-runner post functions, with any logging you want on the transition, those five standard functions are going to write any output to the application log in the format specified in the log4j settings.

Script-runner is a non-starter for this, you need to hack the logging system.
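
The LEEF-over-syslog event discussed in this thread, sketched as an added example that is not part of the original posts or any Atlassian or IBM code: a small Python relay step that turns a Jira webhook payload into one LEEF 1.0 line and frames it for syslog. It covers issue-update events only, not the Jira application log; the vendor/product/version header values, the `issueKey` and `summary` attribute names, the delimiter stripping in `_clean`, and the sample payload are assumptions made for illustration.

```python
import socket
from datetime import datetime, timezone

# Assumed header values; QRadar uses them to pick a log source type / DSM.
VENDOR, PRODUCT, VERSION = "Atlassian", "Jira", "unknown"

def _clean(value, extra=""):
    """Strip delimiters so user-controlled text cannot forge LEEF fields."""
    text = str(value)
    for ch in "\t\r\n" + extra:
        text = text.replace(ch, " ")
    return text

def to_leef(event):
    """Map a Jira webhook JSON payload (dict) to one LEEF 1.0 line."""
    issue = event.get("issue", {})
    when = datetime.fromtimestamp(event["timestamp"] / 1000, tz=timezone.utc)
    attrs = {
        "devTime": when.strftime("%Y-%m-%d %H:%M:%S"),
        "devTimeFormat": "yyyy-MM-dd HH:mm:ss",
        "usrName": event.get("user", {}).get("name", "unknown"),
        "issueKey": issue.get("key", ""),            # custom attribute
        "summary": issue.get("fields", {}).get("summary", ""),  # custom
    }
    header = "|".join(["LEEF:1.0"] + [_clean(h, "|") for h in
                      (VENDOR, PRODUCT, VERSION, event["webhookEvent"])])
    body = "\t".join(f"{k}={_clean(v)}" for k, v in attrs.items())
    return f"{header}|{body}"

def syslog_frame(leef, host, now):
    """Wrap in an RFC 3164 header: facility local0 (16), severity info (6)."""
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{16 * 8 + 6}>{stamp} {_clean(host)} {leef}"

def send_udp(line, collector, port=514):
    """Send one framed event to the QRadar event collector over UDP syslog."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (collector, port))

# Constructed sample payload with a hostile summary field.
SAMPLE = {
    "webhookEvent": "jira:issue_updated",
    "timestamp": 1500000000000,
    "user": {"name": "jdoe"},
    "issue": {"key": "SEC-42",
              "fields": {"summary": "Rotate keys\tusrName=admin\nLEEF:1.0|x"}},
}
```

Because the issue summary is user-controlled, the tab and newline stripping is what keeps a crafted summary from injecting a second `usrName=` attribute or a forged event line into the SIEM.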
