Push JIRA Logs in LEEF format

Hemanshu Sood October 16, 2016

Hi,

I am doing a JIRA-QRadar integration wherein an issue update in JIRA will trigger an event in QRadar. Now QRadar only supports the LEEF format; can we push JIRA logs in LEEF format so that QRadar can interpret them in some way?

In addition to that, please suggest any functionality in JIRA that would let us notify a third party that an update has occurred in JIRA, other than email notification.

I even tried webhooks, but they need to be supported by both applications (JIRA and QRadar).

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
October 17, 2016

It's bad to start an answer with "I don't know", but I have to. My instinct is to reconfigure JIRA's logging format so that it outputs something LEEF compatible. I do know that it uses log4j and that there are simple-ish property files in JIRA that you can use to customise the log4j output quite heavily. What I don't know is if there is a way to configure log4j to spit out LEEF. If it can't, then I'm afraid the answer is "you'd have to rip out the logging system in JIRA and replace it".

Email and webhooks are the main ways to get JIRA to talk to other systems. A third one is via application links, but the system on the other end has to understand them in full (so it's mostly only Atlassian stuff that does it). I suspect you're going to need some code here. First, you need to work out what QRadar can accept, and then you should be able to code post-functions or listeners that can talk to it over those routes.

0 votes
Hemanshu Sood October 17, 2016

Thanks Nic. QRadar accepts LEEF-format logs; what I am trying to do is write a script (Groovy) which can generate a syslog event.

Any guidance?

Nic Brough -Adaptavist-
Community Leader
October 17, 2016

That's not really going to work. The Script Runner, while very clever, can only run scripts for certain things. A lot of certain things, but it can't touch others. Imagine, for example, you create a workflow transition. JIRA will automatically place 5 post-functions on that, all system-level functions, all with the potential to go wrong. While you can add as many Script Runner post-functions as you like to the transition, with any logging you want, those five standard functions are going to write their output to the application log in the format specified in the log4j settings.

Script-runner is a non-starter for this, you need to hack the logging system.
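The wire format both replies circle around, as an added example that is not code from this thread, from JIRA, ScriptRunner or QRadar: a stand-alone Python script that builds a LEEF 2.0 record for an issue update, frames it as RFC 3164 syslog (what QRadar's syslog log source takes in), and re-parses it so the output can be checked before a collector ever sees it. It answers Nic's "work out what QRadar can accept" and the asker's "script which can generate a syslog event" in one place; the vendor/product/version strings, the custom attribute names (issueKey, changedField, oldValue, newValue, issueUrl) and SAMPLE_EVENT are assumptions, and the JIRA-side hook that would feed it (listener, post-function or log4j appender) is out of scope here.

```python
"""Build a LEEF 2.0 record for a JIRA issue update and frame it as RFC 3164
syslog, the form QRadar's syslog log source accepts. Added example (not JIRA,
ScriptRunner or QRadar code); vendor/product/version strings and the custom
attribute names are assumptions, and SAMPLE_EVENT is constructed."""
import re
import socket
from datetime import datetime

VENDOR, PRODUCT, PRODUCT_VERSION = "Atlassian", "JIRA", "7.2"  # assumed
DELIM = "^"                                     # attribute delimiter
DELIM_SPEC = DELIM if DELIM != "\t" else "x09"  # how the header declares it

# Constructed stand-in for what an issue-updated listener would know.
SAMPLE_EVENT = {
    "event": "jira:issue_updated",
    "issue_key": "PROJ-123",
    "actor": "hsood",
    "field": "status",
    "from": "In Progress",
    "to": "Done",
    "url": "https://jira.example.com/browse/PROJ-123",
}
SAMPLE_TIME = datetime(2016, 10, 17, 9, 5, 7)  # constructed, local time

_PIPE = re.compile(r"(?<!\\)\|")  # header separator unless backslash-escaped


def _header_field(value):
    """Header fields are pipe-separated, so a literal pipe must be escaped."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _attr_value(value):
    """One event per line, and never the delimiter inside a value. Replacing
    instead of escaping is deliberate: it does not depend on how the collector
    handles escapes, at the cost of altering such values."""
    flat = str(value).replace("\r", " ").replace("\n", " ")
    return flat.replace(DELIM, " ")


def build_leef(event, when):
    """LEEF:2.0|Vendor|Product|Version|EventID|Delim|key=value<delim>...
    devTime, devTimeFormat and usrName are predefined LEEF keys; the rest are
    custom keys that need a custom event property in QRadar to be searchable."""
    header = "|".join(_header_field(f) for f in (
        "LEEF:2.0", VENDOR, PRODUCT, PRODUCT_VERSION, event["event"]))
    attrs = [
        ("devTime", when.strftime("%b %d %Y %H:%M:%S")),
        ("devTimeFormat", "MMM dd yyyy HH:mm:ss"),  # Java SimpleDateFormat
        ("usrName", event["actor"]),
        ("issueKey", event["issue_key"]),
        ("changedField", event["field"]),
        ("oldValue", event["from"]),
        ("newValue", event["to"]),
        ("issueUrl", event["url"]),
    ]
    body = DELIM.join(f"{k}={_attr_value(v)}" for k, v in attrs)
    return f"{header}|{DELIM_SPEC}|{body}"


def syslog_frame(message, hostname, when, facility=16, severity=6):
    """RFC 3164 header: <PRI>Mmm dd HH:MM:SS host MSG, PRI = facility*8+severity
    (local0/info -> 134). The day is space-padded, as the RFC requires."""
    stamp = f"{when.strftime('%b')} {when.day:2d} {when.strftime('%H:%M:%S')}"
    return f"<{facility * 8 + severity}>{stamp} {hostname} {message}"


def send_udp(frame, collector, port=514):
    """Ship one frame to the collector. UDP is fire-and-forget; use QRadar's
    TCP syslog listener if dropped audit events matter."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(frame.encode("utf-8"), (collector, port))


def parse_leef(frame):
    """Split a framed record the way a collector would, to check output before
    pointing it at QRadar. Handles LEEF 1.0 (tab) and 2.0 declared delimiters."""
    record = frame[frame.index("LEEF:"):]
    fields = _PIPE.split(record, maxsplit=5)
    if len(fields) != 6:
        raise ValueError("not a LEEF record")
    unesc = lambda f: re.sub(r"\\(.)", r"\1", f)
    version, vendor, product, prod_ver, event_id = map(unesc, fields[:5])
    rest, delim = fields[5], "\t"
    if version == "LEEF:2.0":
        head, _, tail = rest.partition("|")
        if re.fullmatch(r"x[0-9A-Fa-f]{2}", head):   # hex form, e.g. x09
            delim, rest = chr(int(head[1:], 16)), tail
        elif len(head) == 1:                         # literal single char
            delim, rest = head, tail
    attrs = dict(pair.partition("=")[::2] for pair in rest.split(delim) if pair)
    return {"version": version, "vendor": vendor, "product": product,
            "productVersion": prod_ver, "eventId": event_id,
            "delimiter": delim, "attrs": attrs}


def demo(event=SAMPLE_EVENT, when=SAMPLE_TIME, hostname="jira01"):
    """Build, frame and re-parse one event; returns (leef, frame, parsed)."""
    leef = build_leef(event, when)
    frame = syslog_frame(leef, hostname, when)
    return leef, frame, parse_leef(frame)


if __name__ == "__main__":
    for line in demo()[:2]:
        print(line)
```

Running the script prints the LEEF record and the framed syslog line; send_udp() ships a frame to a collector on UDP 514 and is not called. Only devTime, devTimeFormat and usrName are predefined LEEF attribute names; the custom keys will be visible in the raw payload in QRadar but need a custom event property before rules or searches can use them. Check the header escaping and the delimiter declaration against the LEEF guide for your QRadar version before relying on them.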
