Configuring Red Hat OpenShift to communicate with QRadar
To send events from Red Hat OpenShift to QRadar, you must specify QRadar as the syslog server.
Procedure
- A Red Hat® OpenShift® cluster must be running on your system. For more information about creating a logging instance cluster, see the Red Hat OpenShift documentation about Understanding the logging subsystem for Red Hat OpenShift (https://docs.openshift.com/container-platform/4.10/logging/cluster-logging.html).
- To forward logs to QRadar, see the Red Hat OpenShift documentation about Forwarding logs to external third-party logging systems (https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-external.html).