Support

Support for business applications

Kaspersky XDR Expert

Managing Kaspersky Unified Monitoring and Analysis Platform

Administrator's guide

Configuring event sources

Configuring receipt of FreeRADIUS events

Configuring a Syslog server to send FreeRADIUS events

Kaspersky Next XDR Expert
Online Help
FAQ Forum Contact support Recovery tools

Configuring a Syslog server to send FreeRADIUS events

May 15, 2024

ID 265594

Get as PDF

The rsyslog service is used to transmit events from the FreeRADIUS server to the KUMA collector.

To configure the sending of events from the server where FreeRADIUS is installed to the collector:

  1. In the /etc/rsyslog.d/ directory, create the FreeRADIUS-to-siem.conf file and add the following line to it:

    If $programname contains 'radiusd' then @<IP address of the collector>:<port of the collector>

    If you want to send events via TCP, the contents of the file must be as follows:

    If $programname contains 'radiusd' then @<IP address of the collector>:<port of the collector>

  2. Create a backup copy of the /etc/rsyslog.conf file.
  3. Add the following lines to the /etc/rsyslog.conf configuration file:

    $IncludeConfig /etc/FreeRADIUS-to-siem.conf

    $RepeatedMsgReduction off

  4. Save your changes.
  5. Restart the rsyslog service:

    sudo systemctl restart rsyslog.service

The export of events from the FreeRADIUS server to the KUMA collector is configured.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.