IBM QRadar

  • 1.  Suse 15 integration with QRadar

    Posted Fri January 19, 2024 03:07 AM

    Morning,
    Are there any specific instructions for sending Suse 15 logs to QRadar? I can't see anything in the DSM guide.
    Thanks in advance.



    ------------------------------
    jan julicher
    ------------------------------


  • 2.  RE: Suse 15 integration with QRadar

    Posted Sat January 20, 2024 05:25 AM

    Jan,

    The DSM guide says:

    "Configuring Linux OS to send audit logs
    Configure Linux OS to send audit logs to QRadar.
    About this task: This task applies to Red Hat Enterprise Linux (RHEL) v6 to v8 operating systems.
    If you use a SUSE, Debian, or Ubuntu operating system, see your vendor documentation for specific steps
    for your operating system."

    The easiest way is to configure syslog according to the Suse doc:

    3.6.2 Set Up the Client Machines
    Procedure 3.3: Configure a rsyslog Instance for Remote Logging

    Test using logger as described in 3.7.
    Check for unknown log events and use dsmedit to parse and map them in QRadar.


    ------------------------------
    Karl Jaeger, Business Partner
    QRadar Specialist
    pro4bizz
    Karlsruhe, Germany
    4972190981722
    ------------------------------
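
The steps in the reply above (forward with rsyslog, then test with logger), sketched as an added example that is not part of the thread or of the SUSE documentation. The collector address `qradar.example.com`, port 514, the drop-in path and the function names are assumptions to adapt.

```shell
#!/bin/sh
# Added example. Collector address, port and drop-in path are assumptions.
QRADAR_HOST="${QRADAR_HOST:-qradar.example.com}"   # placeholder collector
QRADAR_PORT="${QRADAR_PORT:-514}"                  # assumed syslog port
DROPIN="${DROPIN:-/etc/rsyslog.d/90-qradar.conf}"  # assumed drop-in file

# Print an rsyslog rule that forwards every facility and severity.
# The in-memory queue buffers events while the collector is unreachable
# and resumeRetryCount=-1 retries forever instead of discarding them.
render_conf() {
    host="$1"; port="$2"; proto="${3:-tcp}"
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
# Forward all local syslog events to the QRadar event collector
*.* action(type="omfwd"
    target="$host" port="$port" protocol="$proto"
    queue.type="LinkedList" queue.size="10000"
    action.resumeRetryCount="-1")
EOF
}

# Unique marker so the test event is easy to find in QRadar.
marker() { printf 'qradar-fwd-test-%s-%s' "$(uname -n)" "$(date +%s)"; }

# Write the rule, validate the whole rsyslog config, restart, send a test.
install_and_test() {
    render_conf "$QRADAR_HOST" "$QRADAR_PORT" tcp > "$DROPIN" || return 1
    rsyslogd -N1 || return 1          # config check; fails on syntax errors
    systemctl restart rsyslog || return 1
    m="$(marker)"
    logger -p auth.notice -t qradar-test "$m"
    echo "sent test event: $m"
}

# Changes the system only when called as root with: sh forward.sh install
if [ "${1:-}" = "install" ]; then install_and_test; fi
```

Search QRadar for the printed marker to confirm the event arrived before looking at how it was parsed.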



  • 3.  RE: Suse 15 integration with QRadar

    Posted Tue January 23, 2024 06:50 AM

    Thank you!!



    ------------------------------
    jan julicher
    ------------------------------