You can configure a Cloudera Navigator device to send JSON-format syslog events to IBM QRadar.
Before you begin
Ensure that Cloudera Navigator can access
port 514 on the QRadar system.
About this task
When you install Cloudera Navigator, all audit logs are collected
automatically. However, you must configure Cloudera Navigator to send
audit logs to QRadar by using syslog.
Procedure
- Do one of the following tasks:
  - Click .
  - On the Status tab of the Home page, click the Cloudera Management Service link in the Cloudera Management Service table.
- Click the Configuration tab.
- Search for Navigator Audit Server Logging Advanced Configuration Snippet.
- Depending on the format type, enter one of the following values in the Value field:
  - log4j.logger.auditStream = TRACE,SYSLOG
  - log4j.appender.SYSLOG = org.apache.log4j.net.SyslogAppender
  - log4j.appender.SYSLOG.SyslogHost = <QRadar Hostname>
  - log4j.appender.SYSLOG.Facility = Local2
  - log4j.appender.SYSLOG.FacilityPrinting = true
  - log4j.additivity.auditStream = false
- Click Save Changes.
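
To confirm that what arrives on port 514 matches the snippet, the following check decodes the syslog PRI header, verifies the Local2 facility, and parses the JSON body. It is an added example, not Cloudera or IBM code; the sample datagrams, their JSON field names, and the assumption that FacilityPrinting prefixes the message with "local2:" are constructed for illustration.

```python
import json
import re

# RFC 3164: PRI = facility * 8 + severity; facility 18 is local2,
# which is what log4j.appender.SYSLOG.Facility = Local2 selects.
EXPECTED_FACILITY = 18
PRI_RE = re.compile(r"^<(\d{1,3})>")


def check_event(datagram: bytes) -> dict:
    """Decode one syslog datagram and report whether it matches the snippet."""
    text = datagram.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        return {"ok": False, "reason": "missing or invalid <PRI> header"}
    pri = int(m.group(1))
    facility, severity = pri >> 3, pri & 7
    if facility != EXPECTED_FACILITY:
        return {"ok": False,
                "reason": f"facility {facility}, expected {EXPECTED_FACILITY}"}
    # Assumption: the JSON audit record starts at the first '{' after the
    # header, so an optional "local2:" facility prefix is skipped.
    start = text.find("{", m.end())
    if start < 0:
        return {"ok": False, "reason": "no JSON object in message"}
    try:
        event, _ = json.JSONDecoder().raw_decode(text[start:])
    except json.JSONDecodeError as exc:
        return {"ok": False, "reason": f"bad JSON: {exc.msg}"}
    return {"ok": True, "facility": facility,
            "severity": severity, "event": event}


# Constructed sample datagrams (not captured from a real Navigator server).
SAMPLES = [
    b'<151>local2:{"service":"hdfs","user":"alice","allowed":true}',
    b'<14>{"service":"hdfs","user":"alice","allowed":true}',  # facility 1
    b'<151>local2:{"service":"hdfs","user":',                 # truncated JSON
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_event(sample))
```
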