Hello.
Is there any way to send syslog events from a Linux server (on premise) to a QRadar deployed in Azure with "vpntool"?
For example, the Linux server has the 172.25.10.10 (IP local address) and the IP public address of QRadar is 47.25.25.10, with OpenVPN enabled.
Thanks in advance.
Regards, Óscar.
Answer by Rory@IBM (121) | Jun 24 at 10:03 AM
Assuming you've used vpntool to enable the QRadar box as a server, you can then use the vpntool addclient to create the client's certificates. Copy those certificates and the ca certificate to the Linux server (/etc/openvpn/pki/). Then create an openvpn configuration (/etc/openvpn/client.conf) to match the server. An example client config is below. The proper way of activating the client vpn service on your Linux server will vary from one Linux distro to another so I'll leave that up to you.
You can then use standard syslog configuration options to forward the logs you'd like to send to QRadar. For example with rsyslog a line like this should forward everything:
*.* @10.8.0.1:514
Note, the use of vpntool for this should be considered an option of last resort. It will function fine but in most environments it is appropriate to use Azure's VPN/Gateway/routing options rather than creating your own unmanaged vpn tunnels.
# Client connection to server.
client
remote 47.25.25.10 1194
# Other connection details
proto udp
dev tun
nobind
# Tuning based on https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
cipher BF-CBC
tun-mtu 32000
fragment 0
mssfix 0
# Compression significantly improves throughput
# in some scenarios.
comp-lzo yes
# Proxy configuration
; none required
# Logging (openvpn.log is managed by logrotate).
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
# Keys and certificates
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/client.crt
key /etc/openvpn/pki/client.key
# Downgrade to an unprivileged user and fork to background
# after successful initialization.
user nobody
group nobody
persist-tun
persist-key
# The service is normally started by upstart,
# in which case we don't want to daemonize.
; daemon
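As an added example (not part of Rory's answer or of the vpntool/QRadar tooling), the script below parses the rsyslog forwarding line quoted above, checks that it targets the tunnel peer on the syslog port rather than the public OpenVPN endpoint on 1194 (sending syslog straight to the public IP would bypass the tunnel and go in the clear), and builds the RFC 3164 datagram rsyslog would put on the wire. The addresses 10.8.0.1, 47.25.25.10 and ports 514/1194 come from the thread; the tunnel subnet 10.8.0.0/24 is an assumption (the OpenVPN default that 10.8.0.1 implies), and the test event content is constructed.

```python
"""Added example, not from the original thread: validate an rsyslog forwarding
rule for the OpenVPN tunnel and build the syslog datagram that rsyslog sends.
Assumptions: tunnel subnet 10.8.0.0/24; test event content is constructed."""
import ipaddress
import re
import socket
from datetime import datetime

TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")  # assumed OpenVPN server subnet
OPENVPN_PORT = 1194  # tunnel transport on the public IP; nothing listens here for syslog
SYSLOG_PORT = 514    # QRadar syslog listener, reached through the tunnel address

FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Legacy rsyslog action: "<facility>.<severity> @host[:port]" (UDP) or "@@host[:port]" (TCP).
# IPv4 literals and hostnames only; bracketed IPv6 literals are not handled here.
RULE_RE = re.compile(r"^(?P<selector>\S+)\s+(?P<at>@@?)(?P<host>[^:\s]+)(?::(?P<port>\d{1,5}))?$")


def parse_forward_rule(line: str) -> dict:
    """Parse a classic rsyslog forwarding line such as '*.* @10.8.0.1:514'."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a forwarding rule: {line!r}")
    facility, _, severity = m.group("selector").partition(".")
    if facility != "*" and facility not in FACILITIES:
        raise ValueError(f"unknown facility {facility!r}")
    if severity != "*" and severity not in SEVERITIES:
        raise ValueError(f"unknown severity {severity!r}")
    return {
        "selector": m.group("selector"),
        "proto": "tcp" if m.group("at") == "@@" else "udp",
        "host": m.group("host"),
        "port": int(m.group("port") or SYSLOG_PORT),  # rsyslog defaults to 514
    }


def check_rule(rule: dict) -> list:
    """Return problems found; an empty list means the rule points at the
    tunnel peer on the syslog port, so events stay inside the VPN."""
    problems = []
    if rule["port"] == OPENVPN_PORT:
        problems.append("port 1194 is the OpenVPN transport, not a syslog listener; use 514")
    try:
        if ipaddress.ip_address(rule["host"]) not in TUNNEL_NET:
            problems.append("destination is outside the tunnel subnet; syslog would bypass the VPN")
    except ValueError:
        problems.append("hostname given; resolve it and confirm it is the tunnel address")
    return problems


def build_rfc3164(facility: str, severity: str, hostname: str, tag: str,
                  msg: str, when: datetime = None) -> bytes:
    """Encode one event as an RFC 3164 datagram: <PRI>TIMESTAMP HOST TAG: MSG."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    when = when or datetime.now()
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded per RFC 3164
    return f"<{pri}>{stamp} {hostname} {tag}: {msg}".encode("utf-8")


def send_test_event(rule: dict, datagram: bytes) -> int:
    """Send one datagram to the rule's destination (UDP only); returns bytes sent."""
    if rule["proto"] != "udp":
        raise NotImplementedError("TCP framing (octet counting / newline) is not shown here")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(datagram, (rule["host"], rule["port"]))


if __name__ == "__main__":
    for line in ("*.* @10.8.0.1:514", "*.* @47.25.25.10:1194", "auth.* @@10.8.0.1"):
        rule = parse_forward_rule(line)
        print(line, "->", rule, "problems:", check_rule(rule) or "none")
    event = build_rfc3164("auth", "notice", "linux01", "sshd", "constructed test event")
    print(event)
    # Once the tunnel is up on this host, send the event through it:
    # send_test_event(parse_forward_rule("*.* @10.8.0.1:514"), event)
```

Running it on the three sample lines shows the quoted rule passing, a rule aimed at the public IP on 1194 failing both checks, and `@@` selecting TCP with the default port 514. Confirming on the Linux client that `ip route get 10.8.0.1` resolves via the tun device, and watching for the test event in the QRadar log source, closes the loop.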
Answer by oatienzag (9) | Jun 24 at 11:25 AM
Thank you very much!
Only two considerations.
To which port are the syslog events to be sent from the Linux client to Azure QRadar, 514 or 1194? Is it necessary to do NAT (in iptables) from one port (1194) to the other (514)?
Regards, Óscar.