Originally posted by: Niraj Kumar Mishra

Hi All,

I have very basic knowledge of AIX and I am working on QRadar with one of the customer. Customer has one syslog server configured on AIX box. This syslog server receives logs from different different devices like routers, switches and some other devices as well. Now we have to configure this syslog server so that it can forward all these logs that it receives from different different devices to QRadar.

I know that we need to add one entry to forward the AIX system logs but don't know  how I  can include all the logs that it receives stated above.

*.info      @x.y.z.w

Any kind of help regarding this would highly appreciated.

Thanks

Niraj

Originally posted by: AncientAIXer

Basically that is correct.  If you want all entries you would use "*.debug" instead.  You can have as many entries as you wish.  So you can send it to qradar and a local file at the same time.  After changing the config, you will need to use the "refresh" command on the daemon.

Originally posted by: Niraj Kumar Mishra

Hi,

Much appreciated your response regarding this.

If I understand you correctly, if I configure syslog.conf file as below. it will send all the logs that it receives from different different sources (routers and switches)right?

*.debug      @x.y.z.w

Thanks

Niraj

Originally posted by: AncientAIXer

It will send all syslog entries from the local server to the x.y.z.w server.  Each entry will have the server the entry came from.