The Sun Solaris OS DSM for IBM QRadar records all relevant Solaris Operating System Authentication Messages events by using the Syslog protocol.
About this task
To collect events from Sun Solaris OS, you must configure syslog to forward events
to QRadar.
Procedure
- Log in to the Sun Solaris command-line interface (CLI).
- Open the /etc/syslog.conf file.
- To forward system authentication logs to QRadar, add the following line to the file:
  *.err;auth.notice;auth.info	@<IP_address>
  Where <IP_address> is the IP address of your QRadar Console or Event Collector. Use tabs instead of spaces to separate the selectors from @<IP_address>.
  Tip: Depending on your version of Sun Solaris, you might need to add more log types to the file. Contact your system administrator for more information.
- Save and exit the file.
- Type the following command:
kill -HUP `cat /etc/syslog.pid`
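Added example (not part of the IBM documentation): a shell check that confirms the forwarding line from the procedure above is present and that only tabs separate the selectors from the @<IP_address> action. The function name check_forward_line and the address 192.0.2.10 are assumptions for illustration, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: check_forward_line is a hypothetical helper, not an IBM or Solaris tool.
TAB=$(printf '\t')

# check_forward_line <conf_file> <qradar_ip>
# Returns 0 if an auth forwarding line to @<qradar_ip> is tab-separated,
#         2 if such a line exists but is not separated by tabs only,
#         1 if no auth forwarding line to that address is present.
check_forward_line() {
    conf=$1 ip=$2 status=1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*|'') continue ;;              # skip comments and blank lines
        esac
        case $line in
            *"@$ip") ;;                       # action must end the line as @<ip>
            *) continue ;;
        esac
        selector=${line%%[ $TAB]*}            # text before the first space or tab
        selector=${selector%%@*}              # covers a line with no separator at all
        case $selector in
            *auth.notice*|*auth.info*) ;;     # only auth forwarding lines are of interest
            *) continue ;;
        esac
        rest=${line#"$selector"}
        sep=${rest%"@$ip"}                    # whatever sits between selectors and action
        case $sep in
            ''|*[!$TAB]*) if [ "$status" -ne 0 ]; then status=2; fi ;;
            *) status=0 ;;
        esac
    done < "$conf"
    return "$status"
}

# Constructed sample: one correctly formatted line in a temporary file.
sample=$(mktemp)
printf '*.err;auth.notice;auth.info\t@192.0.2.10\n' > "$sample"
check_forward_line "$sample" 192.0.2.10 && echo "forwarding line OK"
rm -f "$sample"
```

On the Solaris host, point the function at /etc/syslog.conf with the address of your QRadar Console or Event Collector before sending the HUP signal.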
What to do next
Configure a log source in QRadar. For more information, see
Syslog log source parameters for Sun Solaris OS.
Important: If a Linux® log source is created for the Solaris System that is sending events, disable the Linux log source, and then adjust the parsing order. Ensure that the Sun Solaris OS DSM is listed first.