Dear Forum Members,
I have edited the syslog.conf file and added the IP of the QRadar Event Collector there for event collection. I have different Linux machines, and I have done this successfully and received logs in QRadar. But my requirement is that I want syslog to send logs to QRadar with the Linux IP, not the hostname, as the identifier. Currently the hostname is the identifier of the Linux machine, and because the hostname is the same on all my Linux machines I can't tell which machine is sending me the logs. So I want syslog to send logs to QRadar with the IP.
Your quick response would help me to complete my task.
This is a volunteer forum...asking for/expecting a 'quick response' is fairly rude. We volunteer our time here.
That said, you don't say what version/distro of Linux you're using, or if you're using the stock syslog, or syslog-ng to do this. If it's syslog-ng, your first stop (since you needed a 'quick response') should have been the documentation. Pay particular attention to the keep_hostname and use_dns directives for syslog-ng.
"Quick response" doesn't mean very quickly. I can understand your opinion on this, my friend.
I am not much of an expert in Linux, but rather in IBM QRadar. My customer has RHEL-6 where rsyslog is running. I configured rsyslog.conf as follows:
*.* @QRadar_IP
and I receive all logs in QRadar with the hostname of the Linux machine. I want rsyslog to send logs with the Linux machines' IPs; that is much more understandable.
As for your first question, the customer said that there is no requirement for different hostnames. I know that is a very silly answer, but you know we can't argue.
No, in QRadar there is no DNS-related option available where I can find the subjected information. But someone said that we can add a command in rsyslog so that logs are sent with the Linux machine IP.
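The rsyslog change the two posts above are asking about, written out as an added example that is not from this thread or from the rsyslog project. It uses the legacy (v5) directive syntax that ships with RHEL 6. The addresses 192.0.2.10 (the Linux client's own IP) and 192.0.2.200 (the QRadar event collector) are placeholders, and the template name ForwardWithIP is an arbitrary choice.

```conf
# /etc/rsyslog.conf fragment (added example, not the thread's own config)
# Placeholders: 192.0.2.10 = this client's IP, 192.0.2.200 = QRadar collector.
# Pick ONE of the two options below.

# Option A: tell rsyslog to use the IP as its local host name. Every
# locally generated message then carries 192.0.2.10 in the HOSTNAME field,
# including messages written to local files. Needs rsyslog 4.7.4+ / 5.7.3+.
$LocalHostName 192.0.2.10

# Default forwarding format is fine once $LocalHostName is set.
*.* @192.0.2.200

# Option B: leave the host name alone and only change what is forwarded.
# This is the stock TraditionalForwardFormat with %HOSTNAME% replaced by
# a literal IP, bound to the forwarding action with ";TemplateName".
#$template ForwardWithIP,"<%PRI%>%TIMESTAMP% 192.0.2.10 %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n"
#*.* @192.0.2.200;ForwardWithIP
```

On RHEL 6, restart with `service rsyslog restart` and send a test event with `logger -t iptest "hostname-field check"`, then confirm in QRadar that the event's host field shows the IP. Two caveats worth keeping in mind on the receiving side: the HOSTNAME field is whatever the sender chooses to put there, so for attribution the collector's own record of the packet source address (rsyslog exposes it as `%fromhost-ip%` on a receiver) is the more trustworthy value; and identical hostnames across machines will keep confusing correlation in every other tool that reads these logs, so giving each host a unique hostname remains the cleaner fix.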
Yes, it's hard to argue with a customer.
You missed one of my questions.
"On the QRADAR server, are there /etc/hosts entries for these remote syslog client hosts?"
Sorry, it did read QNAP, but I edited...
Do you have access to these remote syslog clients?