Configuring the Syslog-ng Agent event source

Before you can forward events to IBM QRadar, you must specify which Windows-based events the Syslog-ng Agent collects.

Procedure

  1. From the Start menu, select All Programs > syslog-ng Agent for Windows > Configure syslog-ng Agent for Windows.

    The Syslog-ng Agent window is displayed.

  2. Expand the Syslog-ng Agent Settings pane, and select Eventlog Sources.
  3. Double-click Event Containers.

    The Event Containers Properties window is displayed.

  4. From the Event Containers pane, select the Enable radio button.
  5. Select a check box for each event type you want to collect:
    • Application - Select this check box if you want the device to monitor the Windows application event log.
    • Security - Select this check box if you want the device to monitor the Windows security event log.
    • System - Select this check box if you want the device to monitor the Windows system event log.
    Note: BalaBit's Syslog-ng Agent supports other event types, such as DNS or DHCP events, by using custom containers. For more information, see your BalaBit Syslog-ng Agent documentation.
  6. Click Apply, and then click OK.

    The event configuration for your BalaBit Syslog-ng Agent is complete. You are now ready to configure QRadar as a destination for Syslog-ng Agent events.