Configuring Sun Solaris DHCP to communicate with QRadar

The Sun Solaris DHCP DSM for IBM QRadar records all relevant DHCP events by using syslog.

About this task

To collect events from Sun Solaris DHCP, you must configure syslog to forward events to QRadar.

Procedure

  1. Log in to the Sun Solaris command-line interface.
  2. Edit the /etc/default/dhcp file.
  3. Enable logging of DHCP transactions to syslog by adding the following line:

    LOGGING_FACILITY=X

    Where X is the number that corresponds to a local syslog facility, for example, a number from 0 to 7.

  4. Save and exit the file.
  5. Edit the /etc/syslog.conf file.
  6. To forward system authentication logs to QRadar, add the following line to the file:

    localX.notice @<IP address>

    Where:

    X is the logging facility number that you specified in step 3.

    <IP address> is the IP address of your QRadar.

    Use tabs instead of spaces to format the line.

  7. Save and exit the file.
  8. Type the following command:

    kill -HUP `cat /etc/syslog.pid`
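
A check for steps 3 and 6, as an added example that is not part of the IBM documentation: the script confirms that LOGGING_FACILITY is set to a number from 0 to 7 and that the syslog configuration has a matching, tab-separated localX.notice forwarding line. The function names, exit codes and the sample files built in demo (including the address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM's code): check that the edits from steps 3 and 6 agree.

# Print the facility number from LOGGING_FACILITY=X; fail unless X is 0-7.
# Assumption: if the key appears more than once, the last assignment is used.
dhcp_facility() {
    awk -F= '$1 == "LOGGING_FACILITY" { v = $2; gsub(/[ \t\r]/, "", v) }
             END { if (v ~ /^[0-7]$/) print v; else exit 1 }' "$1"
}

# Exit 0 if a "local<X>.notice<TAB>@host" line exists, 3 if the selector is
# present but the line is malformed (spaces, no @host), 2 if it is absent.
check_forwarding() {
    awk -v sel="local$2.notice" '
        /^[ \t]*#/ { next }
        { split($0, part, /[ \t]+/); if (part[1] != sel) next; found = 1
          if ($0 ~ ("^" sel "\t+@[^ \t]+$")) ok = 1 }
        END { if (ok) exit 0; if (found) exit 3; exit 2 }' "$1"
}

# Defaults are the paths named in the procedure; pass others to test copies.
verify_dhcp_forwarding() {
    dhcp_file=${1:-/etc/default/dhcp}
    syslog_file=${2:-/etc/syslog.conf}
    fac=$(dhcp_facility "$dhcp_file") || {
        echo "FAIL: no LOGGING_FACILITY=0..7 in $dhcp_file"; return 1; }
    rc=0; check_forwarding "$syslog_file" "$fac" || rc=$?
    case $rc in
        0) echo "OK: local$fac.notice is forwarded to a remote host" ;;
        2) echo "FAIL: no local$fac.notice line in $syslog_file" ;;
        *) echo "FAIL: local$fac.notice line needs tabs and an @<IP address> action" ;;
    esac
    return $rc
}

# Constructed sample files (192.0.2.10 is a documentation address, not a real QRadar).
demo() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample\nLOGGING_FACILITY=3\n' > "$d/dhcp"
    printf 'local3.notice\t@192.0.2.10\n' > "$d/good.conf"
    printf 'local3.notice @192.0.2.10\n' > "$d/spaces.conf"
    verify_dhcp_forwarding "$d/dhcp" "$d/good.conf"
    verify_dhcp_forwarding "$d/dhcp" "$d/spaces.conf" || true
    rm -rf "$d"
}
demo
```

Run verify_dhcp_forwarding with no arguments on the Solaris host to check the real files before you send the HUP signal in step 8.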

What to do next

You are now ready to configure the log source in QRadar.