Henry,
this should work, although I never tried it myself. As IRedMail is Linux-based, it depends of course on your way of implementation and the OS being used. Rsyslog usage via the email utility is just fine. Pls verify 1st if logs get written locally. Beware of the loglevel set in rsyslog.conf. DSM availability is listed in the DSM guide. Your logsource should get recognized automatically as Linux OS. If not, pls set up the logsource manually and double-check the logsource identifier (hostname vs. IP addr). Logsource parsing order can be a problem. The Linux DSM can easily be extended using DSMedit. Without parsing, the mail logs will result in unknown events.
Regards
Karl
------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------
Original Message:
Sent: Tue July 25, 2023 03:35 PM
From: Henry Alonso Valdivia Barba
Subject: Ubuntu IRedMail - Help send logs to QRadar
Hello,
I would like to send my logs from IRedMail (EMail Application Server) to QRadar. I tried using RSyslog using the mail utility but it had no result. Also QRadar is not recognizing my log source. I don't know if QRadar has a DSM for this application (IRedMail) or if I have to use a generic DSM for this?
My logs of this applications are distributed in
I need help with those problems
- Configuration from Log Source to Qradar
- Configuration of DSM on QRadar (if needed)
------------------------------
Henry Alonso Valdivia Barba
------------------------------
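Two of the checks named in the reply at the top of this thread (the loglevel set in rsyslog.conf, and hostname vs. IP as logsource identifier), sketched as an added example that is not part of the original messages. The rsyslog.conf fragment, the target `siem.example.net` and the log line are constructed, and only legacy `facility.priority @target` rules with plain priorities are handled.

```python
import re

# Syslog severities, most to least severe; "facility.prio" matches prio and above.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# RFC 3164 style header: optional <PRI>, timestamp, then the host field.
HEADER = re.compile(r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")

def mail_forwarding(conf_text):
    """Return (target, least severe level sent) per remote rule covering 'mail'."""
    found = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(None, 1)
        if len(parts) != 2 or not parts[1].startswith("@"):
            continue  # comment, local file action, or not a legacy forwarding rule
        level = None
        for sel in parts[0].split(";"):  # later selectors override earlier ones
            facs, _, prio = sel.partition(".")
            if {"mail", "*"} & set(facs.split(",")):
                level = None if prio == "none" else ("debug" if prio == "*" else prio)
        if level:
            found.append((parts[1].strip(), level))
    return found

def is_forwarded(severity, threshold):
    """True if a message of this severity passes a 'facility.threshold' selector."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)

def header_host(line):
    """Host field of the syslog header: the value to compare with the logsource identifier."""
    m = HEADER.match(line)
    return m.group(1) if m else None

# Constructed sample input (not taken from the thread).
SAMPLE_CONF = """\
# local copy of all mail messages
mail.*             -/var/log/mail.log
*.info;mail.none   @@siem.example.net:514
mail.err           @@siem.example.net:514
"""
SAMPLE_LINE = "<22>Jul 25 15:35:01 mx1 postfix/smtpd[2211]: connect from unknown[192.0.2.10]"

if __name__ == "__main__":
    for target, level in mail_forwarding(SAMPLE_CONF):
        print(target, "gets mail.%s and above; info sent:" % level, is_forwarded("info", level))
    print("host field in header:", header_host(SAMPLE_LINE))
```

With this fragment the local mail.log fills up while info-level mail messages never leave the host, and the header carries `mx1` rather than an IP address.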