LOGbinder SQL event collection from Microsoft SQL Server

The IBM QRadar DSM for Microsoft SQL Server can collect LOGbinder SQL events.

The following table identifies the specifications for the Microsoft SQL Server DSM when the log source is configured to collect LOGbinder SQL events:
Table 1. LOGbinder for Microsoft SQL Server specifications
| Specification | Value |
|---|---|
| Manufacturer | Microsoft |
| DSM name | Microsoft SQL Server |
| RPM file name | DSM-MicrosoftSQL-QRadar_version-build_number.noarch.rpm |
| Supported versions | LOGbinder SQL V2.0 |
| Protocol type | Syslog |
| QRadar recorded event types | All events |
| Automatically discovered? | Yes |
| Included identity? | Yes |
| More information | LOGbinder SQL website (http://www.logbinder.com/products/logbindersql/); Microsoft SQL Server website (http://www.microsoft.com/en-us/server-cloud/products/sql-server/) |

The Microsoft SQL Server DSM can collect other types of events. For more information about other Microsoft SQL Server event formats, see the Microsoft SQL Server topic in the DSM Configuration Guide.

To collect LOGbinder events from Microsoft SQL Server, use the following steps:
  1. If automatic updates are not enabled, download the most recent version of the following RPMs from the IBM® Support Website:
    • DSMCommon RPM
    • Microsoft SQL Server DSM RPM
  2. Configure your LOGbinder SQL system to send Microsoft SQL Server event logs to QRadar.
  3. If the log source is not automatically created, add a Microsoft SQL Server DSM log source on the QRadar Console. The following table describes the parameters that require specific values for LOGbinder event collection:
    Table 2. Microsoft SQL Server log source parameters for LOGbinder event collection

    | Parameter | Value |
    |---|---|
    | Log Source type | Microsoft SQL Server |
    | Protocol Configuration | Syslog |