Hello,
I'm looking to update a backup script that runs on our Console/Processor. The script currently moves the nightly backups from the managed host to a remote network location for archiving.
I would like to write the output of this move (rsync) to the Managed host's syslog and then parse the result with a rule within QRadar.
For a normal Linux box I would use something like logger and forward the syslog on to a collector, etc.
I'm a little unsure how the Managed hosts are set up for syslog forwarding and am concerned about breaking the normal metrics such as Health and command-line processes that are currently displayed in the "SIM Generic Log DSM-XXX ::" log source.
I have attempted to throw a string "MooGoesTheCow" into the local syslog but never find it within the SIEM (payload search for the last 5 mins, etc.).
An example CLI command:

logger -n localhost -P 514 -d MooGoesTheCow

The switches for this command are:
-n server
-P port
-d UDP only
Once I find out how to implement this, I can update my shell script to write alerts to this log and then hopefully parse it with the CRE.
Suggestions?
------------------------------
JH
------------------------------
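The kind of wrapper the post describes, as an added example that is not part of the original post or of any QRadar-supplied script: it runs the rsync move, builds one fixed-format key=value line, and hands it to logger(1) through the local syslog socket (logger's default when -n/-P are not given), leaving delivery to the Console to whatever syslog forwarding the managed host already has. The tag "qradar-backup", the local0 facility, the field names and the paths are assumptions; a single line with stable keys such as status= and rc= is what makes a "payload contains" rule test or a custom event property regex in QRadar straightforward.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the nightly rsync move and
# write ONE summary line to the local syslog with logger(1) so a QRadar rule
# can match on it. Tag, facility, field names and paths are assumptions.

BACKUP_TAG="qradar-backup"   # assumed syslog tag (APP-NAME); filter on it in QRadar
PRI_OK="local0.info"         # assumed facility.severity for a successful run
PRI_FAIL="local0.err"        # assumed facility.severity for a failed run

# format_backup_event SRC DST RC DURATION_SECONDS
# Prints a single key=value line. Fixed keys keep a custom event property
# regex (e.g. rc=(\d+)) or a "payload contains status=FAILURE" test simple.
format_backup_event() {
    _src=$1; _dst=$2; _rc=$3; _dur=$4
    if [ "$_rc" -eq 0 ]; then _status=SUCCESS; else _status=FAILURE; fi
    printf 'BackupArchive status=%s rc=%s src=%s dst=%s duration_s=%s host=%s\n' \
        "$_status" "$_rc" "$_src" "$_dst" "$_dur" "$(uname -n)"
}

# run_backup SRC DST
# Runs rsync, logs the outcome (plus the first stderr line on failure) and
# returns rsync's exit code so cron still sees a failed run.
run_backup() {
    _s=$1; _d=$2
    _start=$(date +%s)
    # --remove-source-files turns the copy into the "move" the post describes.
    # Only stderr is captured: it becomes the detail field on failure.
    _err=$(rsync -a --remove-source-files "$_s" "$_d" 2>&1 >/dev/null)
    _rc=$?
    _end=$(date +%s)
    _msg=$(format_backup_event "$_s" "$_d" "$_rc" "$((_end - _start))")
    if [ "$_rc" -eq 0 ]; then
        logger -t "$BACKUP_TAG" -p "$PRI_OK" "$_msg"
    else
        # Two short events rather than one multi-line payload: summary first,
        # then the first line of rsync's stderr for context.
        logger -t "$BACKUP_TAG" -p "$PRI_FAIL" "$_msg"
        logger -t "$BACKUP_TAG" -p "$PRI_FAIL" \
            "BackupArchive detail=\"$(printf '%s\n' "$_err" | head -n 1)\""
    fi
    return "$_rc"
}

# Usage (placeholder paths): ./backup_syslog.sh /store/backup/ /mnt/archive/
if [ $# -eq 2 ]; then
    run_backup "$1" "$2"
fi
```

Run it by hand once and confirm the line reaches the local syslog (for example in /var/log/messages) before looking for it in QRadar; if it is in the local file but not in the SIEM, the gap is in forwarding rather than in the script, and the "payload contains BackupArchive" search narrows the hunt to this one tag.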