The Linux® OS DSM for IBM® QRadar® records Linux operating system events and forwards the events using syslog or syslog-ng.
If you are using syslog on a UNIX host, upgrade the standard syslog to a more recent version, such as, syslog-ng.
To integrate Linux OS with QRadar, select one of the following syslog configurations for event collection:
You can also configure your Linux operating system to send audit logs to QRadar. For more information, see Configuring Linux OS to send audit logs.
Supported event types
The Linux OS DSM supports the following event types:
- Simple Authentication Security Layer (SASL)
- Switch User (SU)
- Pluggable Authentication Module (PAM) events.