SL-External-T-IMF
Private
STANDARD OPERATING PROCEDURE FOR
LINUX LOGGING
Contents
Configuring rsyslog on your Linux system
Procedure
TROUBLESHOOTING STEPS
Configuring rsyslog on your Linux system
Before you can add a log source in QRadar®, you need to configure rsyslog on your Linux® system.
Procedure:
1. On your Linux system, open the /etc/rsyslog.conf file and add the following entry at the end
of the file:
*.* @@10.200.60.134:514
where 10.200.60.134 is the IP address of the QRadar Event Collector that you want to send
events to (substitute your own collector's address; no angle brackets or other placeholder
markers belong in the file). The selector *.* forwards every facility and priority, and the
double @@ prefix sends over TCP; a single @ would send over UDP.
2. rsyslog must be able to send on a non-traditional TCP port. A potential challenge is that
SELinux might block TCP port 514. For more information, see Configuring rsyslog on a logging
server (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/s1-configuring_rsyslog_on_a_logging_server).
3. Restart the rsyslog service using the following command:
systemctl restart rsyslog
4. Check the connectivity from the Linux server to the IBM QRadar Event Processor using the
telnet command on port 514.
TROUBLESHOOTING STEPS:
Perform the following basic troubleshooting steps if the log source is not sending logs to IBM
QRadar:
1. Check the connectivity from the Linux server to IBM QRadar using the telnet command on port 514.
2. Check whether port 514 is open on the Linux server.
3. If the connectivity issue persists, disable SELinux if possible (or, preferably, allow rsyslog
to use TCP port 514 as described in the Red Hat documentation linked in the procedure above).
4. Verify the rsyslog.conf file and confirm that the IP address and the forwarding line from
step 1 of the procedure are present.
5. Restart the rsyslog service on the Linux server:
systemctl restart rsyslog
or
systemctl restart rsyslog.service
Note: If the above troubleshooting steps do not resolve the problem, contact the QRadar
administrator for further troubleshooting.
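The following script is an added example and is not part of this SOP or of IBM's or Red Hat's documentation. It carries out the procedure above (append the forwarding line, restart rsyslog, probe the collector port) and the configuration and connectivity checks from the troubleshooting steps, in a form that can be rerun without producing duplicate forwarding lines. It assumes the legacy rsyslog selector syntax in /etc/rsyslog.conf, that rsyslogd accepts the -N1 configuration-check option, and that either nc or bash is available for the TCP probe; the collector address 10.200.60.134 and port 514 are the values from the SOP, overridable through environment variables.

```shell
#!/bin/sh
# Added example, not part of the SOP: apply and verify the QRadar forwarding rule.
# Assumptions (not stated on the page): legacy rsyslog selector syntax in
# /etc/rsyslog.conf, rsyslogd's "-N1" config check, and either nc or bash
# available for the TCP probe. Collector IP and port default to the SOP's values.

COLLECTOR_IP="${COLLECTOR_IP:-10.200.60.134}"   # QRadar Event Collector from the SOP
COLLECTOR_PORT="${COLLECTOR_PORT:-514}"
RSYSLOG_CONF="${RSYSLOG_CONF:-/etc/rsyslog.conf}"

# Build the forwarding line: "*.*" = every facility and priority,
# "@@" = TCP (a single "@" would send over UDP with no delivery guarantee).
forward_rule() {
    printf '*.* @@%s:%s\n' "$1" "$2"
}

# Count the lines in a config file that exactly match the forwarding rule.
count_forward_rules() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -cxF "$(forward_rule "$2" "$3")" "$1" || true
}

# Append the rule only when it is absent, so the step is safe to repeat
# (a duplicate line would make rsyslog send every event twice).
ensure_forward_rule() {
    rule=$(forward_rule "$2" "$3")
    if grep -qxF "$rule" "$1" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$rule" >> "$1"
}

# Troubleshooting step 4 of the SOP: confirm exactly one rule for the collector.
verify_forward_rule() {
    n=$(count_forward_rules "$1" "$2" "$3")
    if [ "$n" -eq 1 ]; then
        return 0
    fi
    echo "expected 1 forwarding rule for $2:$3 in $1, found $n" >&2
    return 1
}

# Validate the configuration before restarting, so a typo never stops logging.
check_rsyslog_syntax() {
    rsyslogd -N1 -f "$1"
}

# Troubleshooting step 1 of the SOP, without an interactive telnet session.
check_collector_port() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 3 "$1" "$2"
    else
        timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
    fi
}

# Stand-alone demo on a constructed copy of a config file; /etc is untouched.
demo_conf=$(mktemp)
printf '%s\n' '# constructed sample rsyslog.conf' \
    '*.info;mail.none;authpriv.none /var/log/messages' > "$demo_conf"
ensure_forward_rule "$demo_conf" "$COLLECTOR_IP" "$COLLECTOR_PORT"
ensure_forward_rule "$demo_conf" "$COLLECTOR_IP" "$COLLECTOR_PORT"   # no-op on rerun
verify_forward_rule "$demo_conf" "$COLLECTOR_IP" "$COLLECTOR_PORT" && echo "demo rule OK"
rm -f "$demo_conf"

# Real run (as root): APPLY_TO_SYSTEM=1 sh thisscript.sh
if [ "${APPLY_TO_SYSTEM:-0}" = 1 ]; then
    ensure_forward_rule "$RSYSLOG_CONF" "$COLLECTOR_IP" "$COLLECTOR_PORT"
    check_rsyslog_syntax "$RSYSLOG_CONF" && systemctl restart rsyslog
    if check_collector_port "$COLLECTOR_IP" "$COLLECTOR_PORT"; then
        echo "TCP $COLLECTOR_PORT reachable on $COLLECTOR_IP"
    else
        echo "cannot reach $COLLECTOR_IP:$COLLECTOR_PORT: check firewall and SELinux" >&2
    fi
fi
```

Run without arguments, the script only exercises the functions against a temporary file; set APPLY_TO_SYSTEM=1 to edit the real /etc/rsyslog.conf, validate it, restart the service and probe the collector. The syntax check before the restart is the one addition a practitioner would want over the bare SOP steps: a malformed line stops rsyslog from starting, which silently ends all forwarding to QRadar.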