IBM Security QRadar

  • 1.  QRadar console syslog-ng.conf file that is configured for STIG

    Posted Sun May 26, 2024 11:41 AM

    Does anyone have a syslog-ng.conf file for a QRadar console that is configured for STIG that can be shared?

    The syslog-ng.conf file must be configured for the following STIG requirements:

    V-204511 - The Red Hat Enterprise Linux operating system must be configured so that the audit system takes
    appropriate action when the audit storage volume is full.

    V-204509 - The Red Hat Enterprise Linux operating system must offload audit records onto a different system or
    media from the system being audited.

    V-204574 - The Red Hat Enterprise Linux operating system must send rsyslog output to a log aggregation server.

    Thanks in advance



    ------------------------------
    Corine Ross
    ------------------------------


  • 2.  RE: QRadar console syslog-ng.conf file that is configured for STIG

    Posted Mon May 27, 2024 07:07 AM

    Hi Corine

    These are outlined in the following link:

    https://www.ibm.com/docs/en/qsip/7.5?topic=exceptions-stig-customer-responsibilities

    These will be dependent on the environment in which STIG is being implemented.

    Thanks



    ------------------------------
    John Dawson
    Qradar Support Architect
    IBM
    ------------------------------