The Sun Solaris Sendmail DSM for IBM QRadar accepts Solaris authentication events by using syslog and records all relevant sendmail events.
About this task
To collect events from Sun Solaris Sendmail, you must configure syslog to forward events to QRadar.
Procedure
- Log in to the Sun Solaris command-line interface.
- Open the /etc/syslog.conf file.
- To forward system authentication logs to QRadar, add the following line to the file:
  mail.*;	@<IP address>
  Where <IP address> is the IP address of your QRadar system.
  Use tabs instead of spaces to format the line.
  Note: Depending on the version of Solaris that you are running, you might need to add more log types to the file. Contact your system administrator for more information.
- Save and exit the file.
- Type the following command:
  kill -HUP `cat /etc/syslog.pid`
You are now ready to configure the log source in QRadar.
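A check to run on /etc/syslog.conf before sending the HUP signal, as an added example that is not part of the IBM documentation: it confirms that a mail selector is forwarded to the expected address and that the fields are separated by tabs, as the procedure requires. The function name check_mail_forward and the address 192.0.2.10 are assumptions for illustration, and a POSIX awk is assumed (on Solaris, nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Added example: verify the QRadar forwarding entry in a syslog.conf file.
# Assumes a POSIX awk (on Solaris use nawk or /usr/xpg4/bin/awk).

# check_mail_forward FILE ADDR   (hypothetical helper name)
# Prints "ok" when a mail selector is forwarded to @ADDR with tab separators,
# "spaces" when the entry exists but a space separates the fields,
# "missing" otherwise. Returns 0 only for "ok".
check_mail_forward() {
    awk -v addr="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        NF == 2 && $1 ~ /(^|;)mail\./ && $2 == "@" addr {
            sep = $0
            sub(/^[ \t]*[^ \t]+/, "", sep)       # drop the selector field
            sub(/[^ \t]+[ \t]*$/, "", sep)       # drop the action field
            if (sep ~ / /) spaces = 1; else tabs = 1
        }
        END {
            if (tabs)        print "ok"
            else if (spaces) print "spaces"
            else             print "missing"
            exit (tabs ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample files; 192.0.2.10 is a documentation address.
demo() {
    dir=${TMPDIR:-/tmp}/syslogconf.$$
    mkdir "$dir" || return 0
    printf 'mail.*;\t@192.0.2.10\n'     > "$dir/tabs.conf"
    printf 'mail.*; @192.0.2.10\n'      > "$dir/spaces.conf"
    printf '*.err\t/var/adm/messages\n' > "$dir/none.conf"
    for f in tabs spaces none; do
        printf '%s: ' "$f"
        check_mail_forward "$dir/$f.conf" 192.0.2.10 || true
    done
    rm -rf "$dir"
}
demo
```

On the host itself, call it as check_mail_forward /etc/syslog.conf with the QRadar address used in the forwarding line.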