Configuring syslog on Linux OS

Configure Linux® OS to forward events to IBM QRadar by using the syslog protocol.

Procedure

  1. Log in to your Linux OS device as the root user.
  2. Open the /etc/syslog.conf file and add the following facility information:
    authpriv.* @<ip_address>

    where:

    <ip_address> is the IP address of IBM QRadar.

  3. Save the file.
  4. Restart syslog by typing the following command:
    service syslog restart
  5. Log in to the QRadar Console.
  6. Add a Linux OS log source on the QRadar Console.

    For more information about syslog, see the Linux documentation (https://www.linux.com/what-is-linux/).
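
The following is an added example, not part of the original procedure or IBM's code: shell functions that perform step 2 idempotently, validating the address and skipping the edit when an active authpriv forwarding rule for it already exists. The function names are hypothetical and 192.0.2.10 is a placeholder for the QRadar IP address.

```shell
#!/bin/sh
# Added example (not IBM's code): idempotent version of step 2.
# The file path and IP address are arguments supplied by the caller.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# has_forward_rule CONF ADDR: succeed if an active (uncommented)
# "authpriv.* @ADDR" line is present in CONF.
has_forward_rule() {
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eq "^[[:space:]]*authpriv\.\*[[:space:]]+@${ip_re}[[:space:]]*\$" "$1"
}

# add_forward_rule CONF ADDR: append the rule once, keeping a backup.
# Returns 0 on success or if already present, 2 bad address, 3 missing file.
add_forward_rule() {
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 2; }
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 3; }
    has_forward_rule "$1" "$2" && return 0
    cp -p "$1" "$1.bak" || return 4
    # Terminate an unterminated last line so the rule lands on its own line.
    [ -z "$(tail -c 1 "$1")" ] || echo >> "$1"
    # A single "@" in syslog.conf syntax selects forwarding over UDP.
    printf 'authpriv.* @%s\n' "$2" >> "$1"
}

# Usage as root, then continue with step 4 (placeholder address):
#   add_forward_rule /etc/syslog.conf 192.0.2.10
```
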