IBM QRadar

  • 1.  QRadar console syslog-ng.conf file that is configured for STIG

    Posted Sun May 26, 2024 11:41 AM

    Does anyone have a syslog-ng.conf file for a QRadar console that is configured for STIG that can be shared?

    The syslog-ng.conf file must be configured for the following STIG requirements:

    V-204511 - The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full.

    V-204509 - The Red Hat Enterprise Linux operating system must offload audit records onto a different system or media from the system being audited.

    V-204574 - The Red Hat Enterprise Linux operating system must send rsyslog output to a log aggregation server.

    Thanks in advance



    ------------------------------
    Corine Ross
    ------------------------------


  • 2.  RE: QRadar console syslog-ng.conf file that is configured for STIG

    Posted Mon May 27, 2024 07:07 AM

    Hi Corine

    These are outlined in the following link:

    https://www.ibm.com/docs/en/qsip/7.5?topic=exceptions-stig-customer-responsibilities

    These will be dependent on the environment in which STIG is being implemented.

    Thanks



    ------------------------------
    John Dawson
    Qradar Support Architect
    IBM
    ------------------------------