Configuring your LOGbinder EX system to send Microsoft Exchange event logs to QRadar

To collect Microsoft Exchange LOGbinder events, you must configure your LOGbinder EX system to send events to IBM® QRadar®.

Before you begin

Configure LOGbinder EX to collect events from your Microsoft Exchange Server. For more information, see your LOGbinder EX documentation.

Procedure

  1. Open the LOGbinder EX Control Panel.
  2. Double-click Output in the Configure pane.
  3. Choose one of the following options:
    • Configure for Syslog-Generic output:
      1. In the Outputs pane, double-click Syslog-Generic.
      2. Select the Send output to Syslog-Generic check box, and then enter the IP address and port of your QRadar Console or Event Collector.
    • Configure for Syslog-LEEF output:
      1. In the Outputs pane, double-click Syslog-LEEF.
      2. Select the Send output to Syslog-LEEF check box, and then enter the IP address and port of your QRadar Console or Event Collector.
  4. Click OK.
  5. To restart the LOGbinder service, click the Restart icon.