Configuring your cluster to receive audit logs over TLS
You can configure IBM QRadar to receive audit logs over TLS.
To add a log source to receive events, see Adding a log source to receive events.
Generating self-signed certificates
IBM QRadar TLS syslog needs both public and private keys in the proper format. A custom private key pair must be in DER-encoded PKCS8 format.
Note: Restrict use of the CA certificate. It is used for the TLS log source.
The following process creates private_key.der and public_key.pem.
public_key.pem can be used as a server certificate. Fluentd (client) will use it as a client cert to send logs over TLS (for proof of concept only).
private_key.der can be used as a private key.
openssl genrsa -out /tmp/private_key.pem 2048
openssl pkcs8 -topk8 -inform PEM -outform DER -in /tmp/private_key.pem -out /tmp/private_key.der -nocrypt
openssl req -new -key /tmp/private_key.pem -out /tmp/csr.pem
openssl req -x509 -sha512 -days 365 -in /tmp/csr.pem -key /tmp/private_key.der -keyform DER -out /tmp/public_key.pem
Note: The common name field is important. Use the host name of the IBM QRadar server.
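The DER-encoded PKCS8 requirement can be checked before the key is handed to the log source. The following Python check is an added example, not IBM's code: the function names are hypothetical and the sample byte strings are constructed structural stand-ins, not real keys. It separates the unencrypted PKCS8 DER layout from PEM, PKCS1 DER and encrypted PKCS8 by reading the outer ASN.1 elements.

```python
# Added example (not IBM's code). Samples are constructed stand-ins, not real keys.
SAMPLE_PKCS8 = bytes.fromhex("3016020100300d06092a864886f70d01010105000402aabb")
SAMPLE_PKCS1 = bytes.fromhex("300c020100020200c30203010001")
SAMPLE_ENCRYPTED = bytes.fromhex("3011300b06092a864886f70d01050d0402aabb")
SAMPLE_PEM = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: low 7 bits count the length bytes
        count = first & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify_key(data):
    """Return 'pem', 'pkcs8-der', 'pkcs8-der-encrypted', 'pkcs1-der' or 'unknown'."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"
    try:
        tag, body, end = read_tlv(data, 0)
        if tag != SEQUENCE or end != len(data):
            return "unknown"
        t1, _, pos = read_tlv(body, 0)
        t2, _, pos = read_tlv(body, pos)
        if (t1, t2) == (SEQUENCE, OCTET_STRING):
            return "pkcs8-der-encrypted"  # EncryptedPrivateKeyInfo: algorithm, ciphertext
        if (t1, t2) == (INTEGER, INTEGER):
            return "pkcs1-der"            # RSAPrivateKey: version, modulus, ...
        if (t1, t2) == (INTEGER, SEQUENCE) and read_tlv(body, pos)[0] == OCTET_STRING:
            return "pkcs8-der"            # PrivateKeyInfo: version, algorithm, key octets
    except ValueError:
        pass
    return "unknown"

def is_unencrypted_pkcs8_der(data):
    """True only for the layout written by `openssl pkcs8 -topk8 -outform DER -nocrypt`."""
    return classify_key(data) == "pkcs8-der"
```

To check the file produced by the commands above, pass its contents: is_unencrypted_pkcs8_der(open("/tmp/private_key.der", "rb").read()).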