Hi,
I suggest you do the following activities:
1 - Check the Linux version and DSM compatibility first.
2 - Are these logs from the Linux device only, or are they dumped by some other devices (in short, are you using the Linux device as a log collector?)
3 - Check the consistency of the logs. If they are not consistent, the DSM will not parse them automatically.
4 - Check and update the DSM version if possible. (Don't try to delete or reinstall the DSM.)
5 - Check in the DSM whether auto detection is enabled or not.
------------------------------
Abdul Quadeer
------------------------------
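Added example for point 3 above (not code from the thread or from QRadar): a small Python check that runs over a handful of constructed syslog lines and reports which ones deviate from the plain RFC 3164-style header (`Mmm dd HH:MM:SS host ...`) and whether the hostname field is stable. It assumes only that the collector expects classic syslog headers; the regex is an illustration, not the DSM's own parser, and the sample lines are made up.

```python
import re
import sys
from collections import Counter

# Constructed sample lines (not from the original post): three RFC 3164-style lines,
# one ISO-8601 timestamped line, and one line with no header at all.
SAMPLE_LINES = [
    "Feb 27 10:33:01 web01 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "Feb 27 10:33:05 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
    "<86>Feb 27 10:33:09 web01 su[2345]: pam_unix(su:session): session opened for user root",
    "2025-02-27T10:33:12+00:00 web01 kernel: [12345.678] usb 1-1: new high-speed USB device",
    "session closed for user root",
]

# Classic RFC 3164 header: optional <PRI>, "Mmm dd HH:MM:SS" (single-digit days are
# padded with a second space), a hostname token, then the free-text message.
RFC3164 = re.compile(
    r"^(?:<\d{1,3}>)?"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.+)$"
)


def classify(line):
    """Return ('rfc3164', hostname) for a well-formed header, else ('nonstandard', None)."""
    m = RFC3164.match(line)
    if not m:
        return ("nonstandard", None)
    return ("rfc3164", m.group("host"))


def check_consistency(lines):
    """Summarise header styles, hostnames seen, and the lines that would likely not parse."""
    styles = Counter()
    hosts = set()
    nonstandard = []
    for lineno, line in enumerate(lines, 1):
        style, host = classify(line.rstrip("\n"))
        styles[style] += 1
        if host:
            hosts.add(host)
        else:
            nonstandard.append((lineno, line.rstrip("\n")))
    return {"styles": dict(styles), "hosts": sorted(hosts), "nonstandard": nonstandard}


def report(summary):
    """Human-readable summary for a quick look before opening a support case."""
    print("header styles:", summary["styles"])
    print("hostnames seen:", summary["hosts"])
    for lineno, line in summary["nonstandard"]:
        print(f"line {lineno}: non-standard header -> {line[:70]}")


if __name__ == "__main__":
    # Usage: python check_syslog.py < /var/log/messages   (or no stdin to use the samples)
    lines = sys.stdin.readlines() if not sys.stdin.isatty() else SAMPLE_LINES
    report(check_consistency(lines))
```

If the summary shows more than one header style, or several different hostnames for what should be one source, that is the inconsistency point 3 refers to: mixed formats from a forwarding host usually mean the forwarder is re-templating or relaying other devices' logs, and the fix belongs on the rsyslog side rather than in the DSM.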
Original Message:
Sent: Thu February 27, 2025 10:33 AM
From: Adem Güler
Subject: Linux OS Parser Issue
Hi,
Actually, we get the logs with rsyslog, so I think there should be no need for a different process. If anyone has encountered it before, I would like to get suggestions.
Thanks
------------------------------
Adem Güler
Original Message:
Sent: Thu February 27, 2025 09:53 AM
From: John Dawson
Subject: Linux OS Parser Issue
Hi Adem,
I would review the documentation regarding Linux OS logs to ensure the events are of a supported type and that it has been configured correctly:
https://www.ibm.com/docs/en/security-qradar/log-insights/saas?topic=linux-os
If all of this is correct then you should open a support case.
Thanks
------------------------------
John Dawson
QRadar Support Architect
IBM
Original Message:
Sent: Thu February 27, 2025 07:24 AM
From: Adem Güler
Subject: Linux OS Parser Issue
Hi guys,
Logs coming from Linux OS sources are not parsed by default. Normally, Linux logs should be parsed directly by the system, right? Is there anything we should check about this situation?
Thank you
------------------------------
Adem Güler
------------------------------