IBM QRadar


Does anyone have a way to pass logs from OpenVPN access server to qradar

  • 1.  Does anyone have a way to pass logs from OpenVPN access server to qradar

    Posted Sat February 20, 2021 01:33 AM
    I tried to use the Xboarder56 DSM and it won't work for OpenVPN Access Server. The only logs I get are openvpn message. Here is a sample log:

    <14>Feb 19 17:03:10 remote openvpnas: [-] [OVPN 0] OUT: 'Sat Feb 20 01:03:10 2021 johndoe/123.456.78.91:23882 SIGUSR1[soft,connection-reset] received, client-instance restarting'

    Has anyone sent openvpnas logs to QRadar before successfully? I am not too good with regex.



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Does anyone have a way to pass logs from OpenVPN access server to qradar

    Posted Fri March 05, 2021 06:31 AM

    Hello TugaTuga,

    There is no out-of-the-box DSM for the openvpnas logs. You can create a custom DSM using DSM Editor. It should not be that tough.

    https://www.youtube.com/watch?v=KF40bba_kp0&ab_channel=JoseBravo

    https://www.ibm.com/support/pages/creating-custom-dsm

    You would need some understanding of regex, but I think reading through some online tutorials should be enough.



    #QRadar
    #Support
    #SupportMigration
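
Added example, not part of either post and not IBM or OpenVPN code: a small Python harness for trying the kind of single-capture-group regexes the reply suggests against the sample log from the question, before entering them in the DSM Editor. The field names and the second log line are assumptions constructed here.

```python
import re

# Payload copied from the question (its address is redacted, so octet "456" is not valid IPv4).
SAMPLE = ("<14>Feb 19 17:03:10 remote openvpnas: [-] [OVPN 0] OUT: "
          "'Sat Feb 20 01:03:10 2021 johndoe/123.456.78.91:23882 "
          "SIGUSR1[soft,connection-reset] received, client-instance restarting'")

# Constructed line: same wrapper, but no user/address prefix inside the quotes.
NO_CLIENT = ("<14>Feb 19 17:03:11 remote openvpnas: [-] [OVPN 0] OUT: "
             "'Sat Feb 20 01:03:11 2021 Initialization Sequence Completed'")

# Optional "user/address:port " prefix that follows the four-digit year.
CLIENT = r"(?:[^\s/]+/[\d.]+:\d+ )?"

# One pattern per field, each with exactly one capture group and no named
# groups, so the same text can be tried in other regex engines.
# Field names are labels chosen for this example.
FIELD_REGEX = {
    "host": r"^<\d+>\w{3}\s+\d+\s[\d:]{8}\s(\S+)\sopenvpnas:",
    "event_time": r"OUT: '(\w{3} \w{3}\s+\d+ [\d:]{8} \d{4}) ",
    "username": r"\d{4} ([^\s/]+)/[\d.]+:\d+ ",
    # [\d.]+ is deliberately loose: it accepts the redacted sample address,
    # and it will not match an IPv6 client address.
    "source_ip": r"\d{4} [^\s/]+/([\d.]+):\d+ ",
    "source_port": r"\d{4} [^\s/]+/[\d.]+:(\d+) ",
    "event_id": r"\s(SIG[A-Z0-9]+)\[",
    "signal_reason": r"SIG[A-Z0-9]+\[([^\]]*)\]",
    "message": r"\d{4} " + CLIENT + r"(.*)'\s*$",
}


def extract(payload):
    """Return {field: captured text, or None when the pattern does not match}."""
    fields = {}
    for name, pattern in FIELD_REGEX.items():
        match = re.search(pattern, payload)
        fields[name] = match.group(1) if match else None
    return fields


if __name__ == "__main__":
    for line in (SAMPLE, NO_CLIENT):
        for name, value in extract(line).items():
            print(f"{name:14} {value}")
        print()
```

A line without the client prefix returns None for the user, address, port and signal fields, which is the case to check before relying on one pattern for every openvpnas event.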