Configuring your cluster to receive audit logs over TLS
You can configure IBM QRadar to receive audit logs over TLS.
To add a log source to receive events, see Adding a log source to receive events.
Generating self-signed certificates
IBM QRadar TLS syslog needs both public and private keys in the proper format. A custom private key pair must be in DER-encoded PKCS8 format.
The following process creates these files, for CA cert use with the TLS log source:
public_key.pem can be used as a server certificate. Fluentd (client) will use it as a client cert to send logs over TLS (for proof of concept only).
private_key.der can be used as a private key.
openssl genrsa -out /tmp/private_key.pem 2048
openssl pkcs8 -topk8 -inform PEM -outform DER -in /tmp/private_key.pem -out /tmp/private_key.der -nocrypt
openssl req -new -key /tmp/private_key.pem -out /tmp/csr.pem
openssl req -x509 -sha512 -days 365 -in /tmp/csr.pem -key /tmp/private_key.der -keyform DER -out /tmp/public_key.pem
Note: The common name field is important. Use the host name of the IBM QRadar server.
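The same four steps can be run without prompts and the results checked before they are loaded into the TLS log source. The script below is an added example, not part of the IBM procedure. The function names, the directory argument and the host name in the usage comment are hypothetical, and -subj stands in for the interactive common name prompt.

```shell
#!/bin/sh
# Added example: the page's four openssl steps, run non-interactively, plus checks.
# Assumptions: function names and the directory argument are hypothetical.
# Usage: make_qradar_tls_files /secure/dir qradar.example.com
#        verify_qradar_tls_files /secure/dir qradar.example.com

make_qradar_tls_files() {    # args: DIR QRADAR_HOSTNAME
    dir=$1 host=$2
    (
        umask 077            # keep the private key unreadable to other users
        cd "$dir" || exit 1
        openssl genrsa -out private_key.pem 2048 2>/dev/null &&
        openssl pkcs8 -topk8 -inform PEM -outform DER \
            -in private_key.pem -out private_key.der -nocrypt &&
        openssl req -new -key private_key.pem -subj "/CN=$host" -out csr.pem &&
        openssl req -x509 -sha512 -days 365 -in csr.pem \
            -key private_key.der -keyform DER -out public_key.pem 2>/dev/null
    )
}

verify_qradar_tls_files() {  # args: DIR QRADAR_HOSTNAME
    dir=$1 host=$2
    # 1. The key must parse as unencrypted DER-encoded PKCS8.
    openssl pkcs8 -inform DER -nocrypt -in "$dir/private_key.der" >/dev/null 2>&1 ||
        { echo "private_key.der is not unencrypted PKCS8 DER" >&2; return 1; }
    # 2. The certificate's common name must be the QRadar host name.
    subject=$(openssl x509 -in "$dir/public_key.pem" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    [ "$subject" = "CN=$host" ] ||
        { echo "certificate subject is '$subject', expected CN=$host" >&2; return 1; }
    # 3. The certificate must carry the public half of private_key.der.
    cert_pub=$(openssl x509 -in "$dir/public_key.pem" -noout -pubkey)
    key_pub=$(openssl pkey -inform DER -in "$dir/private_key.der" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 1; }
}
```

A failed check prints the reason on standard error and returns a non-zero status, so the verification can gate a deployment script.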