Hi,
How can we forward rsyslog entries from an Ubuntu host to a QRadar Community Edition? QRadar is running in a VM (VirtualBox) on the Ubuntu host. For the VM setup we use Vagrant: https://developer.ibm.com/qradar/wp-content/uploads/sites/89/2017/11/QRadarCE_Vagrantfile.20171003084145.zip
Thx
Answer by dwight s (IBM) (1285) | Jan 25, 2018 at 10:00 AM
Hi @mahirsch, ...
QRadar Community Edition, same as the full version, can accept inbound syslog messages from any device and autodetect them. The limitation with CE is that the set of log source types it supports out of the box is much smaller.
If you look at the documentation available on the support site for CE (developer.ibm.com/qradar/ce/), it lists the base installed DSM list, one of which is indeed Linux: https://developer.ibm.com/qradar/wp-content/uploads/sites/89/2017/12/b_qradar_community_edition.pdf. You should be fine sending the Ubuntu events to CE.
If you're wondering how to reconfigure the ubuntu host, just do a google search for "enable syslog logging on ubuntu", and you should get a few pointers on which files to change, and which service to restart.
dwight s.
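As an added example that is not part of the thread above (and not IBM's or the QRadar project's own script), here is the rsyslog side of the forwarding the question asks about: a small POSIX shell script that renders a RainerScript forwarding rule for `/etc/rsyslog.d/`, installs it, syntax-checks it with `rsyslogd -N1` when rsyslogd is present, and sends a test event with `logger`. The collector address `192.0.2.10` is a placeholder for the QRadar CE VM's address; port 514 is assumed to be the syslog listener (QRadar's default, but verify it in your deployment). The rule uses a disk-assisted action queue so that local logging keeps working if the collector is down.

```shell
#!/bin/sh
# Added example (not from the original thread): forward an Ubuntu host's
# syslog to a QRadar CE collector via rsyslog's omfwd module.
# Assumptions: collector address/port are placeholders; rsyslog v7+ (RainerScript).
set -eu

# render_forward_rule HOST [PROTO] [PORT]
# Prints an rsyslog rule forwarding every facility/priority ("*.*") to HOST.
# tcp is preferred over udp because QRadar then sees a reliable, ordered stream.
render_forward_rule() {
    host=$1
    proto=${2:-tcp}
    port=${3:-514}
    case "$proto" in
        tcp|udp) ;;
        *) echo "render_forward_rule: unsupported protocol '$proto' (use tcp or udp)" >&2
           return 1 ;;
    esac
    cat <<EOF
# Forward every local syslog message to the QRadar CE collector.
# The disk-assisted queue buffers events while the collector is unreachable,
# so a QRadar outage never blocks local logging; -1 retries forever.
*.* action(type="omfwd" target="$host" port="$port" protocol="$proto"
           queue.type="LinkedList" queue.filename="qradar_fwd"
           queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
}

# install_forward_rule DIR HOST [PROTO] [PORT]
# Writes the rendered rule to DIR/60-qradar.conf (DIR is normally
# /etc/rsyslog.d) and prints the path. On a render error no file is left behind.
install_forward_rule() {
    dir=$1
    shift
    target="$dir/60-qradar.conf"
    render_forward_rule "$@" > "$target" || { rm -f "$target"; return 1; }
    echo "$target"
}

# validate_config FILE
# Runs rsyslog's own syntax check (-N1) when rsyslogd is installed; when it is
# absent, prints a note and returns 0 so the script still works on a build box.
validate_config() {
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 -f "$1"
    else
        echo "rsyslogd not found; skipping syntax check for $1" >&2
    fi
}

# Usage: sh forward_to_qradar.sh install <qradar-ip> [tcp|udp] [port]
# The "install" guard keeps the definitions above side-effect free when sourced.
if [ "${1:-}" = "install" ]; then
    shift
    conf=$(install_forward_rule /etc/rsyslog.d "$@")
    validate_config "$conf"
    systemctl restart rsyslog
    # Emit one recognisable event; it should show up under the Ubuntu host's
    # Linux log source in QRadar CE once autodetection has run.
    logger -t qradar-test "test event from $(hostname) to QRadar CE"
fi
```

Run it as root on the Ubuntu host with the VM's address, e.g. `sh forward_to_qradar.sh install 192.0.2.10 tcp 514`. Because the collector here is a VirtualBox guest on the same host, the address must be one the host can reach inbound: a NAT-only adapter does not accept connections from the host without a port-forwarding rule, so a host-only or bridged adapter on the QRadar VM is the simpler choice. After the restart, `tail -f /var/log/syslog` on the host and the Log Activity tab in QRadar together confirm that the `qradar-test` event left the host and arrived at the collector.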