Configuring syslog for OpenBSD

You can configure OpenBSD to forward syslog events to IBM QRadar.

Procedure

  1. Use SSH to log in to your OpenBSD device as a root user.
  2. Open the /etc/syslog.conf file.
  3. Add the following line to the top of the file. Make sure that all other lines remain intact:

    *.* @<IP address>

    Where <IP address> is the IP address of your IBM QRadar.

  4. Save and exit the file.
  5. Send a hang-up signal to the syslog daemon to ensure that all changes are applied:

    kill -HUP `cat /var/run/syslog.pid`

    Note: This command line uses the back quotation mark character (`), which is located to the left of the number one on most keyboard layouts.

    The configuration is complete. Events that are forwarded to QRadar by OpenBSD are displayed on the Log Activity tab.
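
Steps 3 to 5 as a repeatable script, added here as an example and not part of the original procedure: it prepends the forwarding rule only if it is not already present, keeps a backup, and leaves all other lines intact. The function names and the address 192.0.2.10 (a documentation address standing in for your QRadar IP address) are assumptions.

```shell
#!/bin/sh
# Added example: idempotent version of steps 3-5. Function names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address (octets 0-255).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# add_forward_rule FILE ADDR: put "*.* @ADDR" on the first line of FILE unless
# that exact line already exists. A copy of the old file is kept as FILE.bak.
add_forward_rule() {
    conf=$1 addr=$2
    is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    rule="*.* @$addr"
    # -x matches the whole line, -F treats "*" and "." literally.
    if grep -qxF -- "$rule" "$conf"; then
        return 0            # rule already present, nothing to change
    fi
    cp -p "$conf" "$conf.bak" || return 1
    # Rewrite in place so the file keeps its owner and mode.
    { printf '%s\n' "$rule"; cat "$conf.bak"; } > "$conf"
}

# reload_syslogd: step 5, to be run as root on the OpenBSD device.
reload_syslogd() {
    kill -HUP "$(cat /var/run/syslog.pid)"
}

# On the device (192.0.2.10 is a constructed placeholder address):
#   add_forward_rule /etc/syslog.conf 192.0.2.10 && reload_syslogd
```

Running it a second time with the same address makes no change, so it is safe to re-apply from configuration management.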