The Sun Solaris DHCP DSM for IBM QRadar records all relevant DHCP events by using syslog.
About this task
To collect events from Sun Solaris DHCP, you must configure syslog to forward events to QRadar.
Procedure
- Log in to the Sun Solaris command-line interface.
- Edit the /etc/default/dhcp file.
- Enable logging of DHCP transactions to syslog by adding the following line:
  LOGGING_FACILITY=X
  Where X is the number corresponding to a local syslog facility, for example, a number 0 - 7.
- Save and exit the file.
- Edit the /etc/syslog.conf file.
- To forward system authentication logs to QRadar, add the following line to the file:
- Save and exit the file.
- Type the following command:
  kill -HUP `cat /etc/syslog.pid`
What to do next
You are now ready to configure the log source in QRadar.
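One way to check the result of the procedure above before you configure the log source (an added example, not part of the original page): the function reads LOGGING_FACILITY from the DHCP defaults file and confirms that syslog.conf forwards the matching localX facility to a remote host. It assumes the standard syslog.conf rule form of a selector followed by @host; the function name and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes syslog.conf rules have
# the standard form "<selector><whitespace>@<host>" for remote forwarding.

# check_dhcp_syslog DHCP_FILE SYSLOG_CONF   (hypothetical helper name)
# Returns 0 if the configured facility is forwarded to a remote host,
#         1 if LOGGING_FACILITY is missing or not a number 0-7,
#         2 if no remote-forwarding rule covers the matching localX facility.
check_dhcp_syslog() {
    dhcp_file=$1
    syslog_conf=$2

    # Last uncommented LOGGING_FACILITY assignment wins; strip trailing text.
    fac=$(awk -F= '/^[ \t]*LOGGING_FACILITY=/ {
              v = $2; sub(/[ \t#].*/, "", v); last = v
          } END { print last }' "$dhcp_file")

    case $fac in
        [0-7]) ;;
        *) echo "LOGGING_FACILITY missing or not 0-7: '$fac'" >&2; return 1 ;;
    esac

    if awk -v f="local$fac" '
        /^[ \t]*#/ || NF < 2 || $NF !~ /^@/ { next }  # keep remote-forward rules
        {
            hit = 0
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                split(sel[i], part, ".")    # part[1]=facilities, part[2]=level
                m = split(part[1], facs, ",")
                for (j = 1; j <= m; j++)
                    if (facs[j] == f || facs[j] == "*")
                        hit = (part[2] != "none")  # later selector overrides
            }
            if (hit) found = 1
        }
        END { exit !found }
    ' "$syslog_conf"; then
        echo "OK: local$fac is forwarded to a remote host"
        return 0
    fi
    echo "No rule in $syslog_conf forwards local$fac to a remote host" >&2
    return 2
}

# Run against real files only when both paths are given on the command line.
if [ $# -eq 2 ]; then check_dhcp_syslog "$1" "$2"; fi
```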