Configuring Linux® OS to forward events by using the syslog connector.
Procedure
- Log in to your Linux OS device as a root user.
- Open the /etc/syslog.conf file and add the following facility information:
  Where:
  <ip_address> is the IP address of the QRadar® product.
- Save the file.
- Restart syslog by typing the following command:
  service syslog restart
- Log in to the QRadar product.
- Add a Linux OS data source in the QRadar product.
For more information about syslog, see the Linux documentation
(https://www.linux.com/what-is-linux/).
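
Added example (not part of the original procedure or of any IBM tooling): a shell check to run after the restart step that lists which selectors in a syslog.conf-style file are forwarded to a given address. The function names, the sample rules and the address 192.0.2.10 are constructed for illustration; the sample selectors are not the facility information this procedure specifies.

```shell
#!/bin/sh
# forward_selectors IP
# Reads syslog.conf-style rules on stdin and prints the selector of every
# active rule whose action forwards to IP. Returns 1 if no rule matches.
# Accepts "@host" (UDP) and the rsyslog forms "@@host" (TCP) and "@host:port".
# Assumption: IP is an IPv4 address written exactly as it appears in the file.
forward_selectors() {
    awk -v ip="$1" '
        /^[[:space:]]*#/ { next }      # commented-out rules are inactive
        NF < 2           { next }      # blank line or rule without an action
        {
            action = $NF
            if (action !~ /^@/) next   # local file, pipe or user action
            host = action
            sub(/^@+/, "", host)       # strip the forwarding marker
            sub(/:[0-9]+$/, "", host)  # strip an optional port
            if (host == ip) { print $1; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample rules, used only to demonstrate the check.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a recommended configuration
authpriv.*          @192.0.2.10
*.info;mail.none    /var/log/messages
kern.*              @@192.0.2.10:514
#cron.*             @192.0.2.10
local7.*            @192.0.2.99
EOF
}

# Demonstration on the constructed sample.
sample_conf | forward_selectors 192.0.2.10
```

On the Linux device, run it against the real file with the QRadar address: forward_selectors <ip_address> < /etc/syslog.conf. A non-zero exit status means no active rule forwards to that address.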