LOGbinder SQL event collection from Microsoft SQL Server
The IBM QRadar DSM for Microsoft SQL Server can collect LOGbinder SQL events.
The following table identifies the specifications for the Microsoft SQL Server DSM when
the log source is configured to collect LOGbinder SQL events:
Specification | Value |
---|---|
Manufacturer | Microsoft |
DSM name | Microsoft SQL Server |
RPM file name | DSM-MicrosoftSQL-QRadar_version-build_number.noarch.rpm |
Supported versions | LOGBinder SQL V2.0 |
Protocol type | Syslog |
QRadar recorded event types | All events |
Automatically discovered? | Yes |
Included identity? | Yes |
More information | LogBinder SQL website
(http://www.logbinder.com/products/logbindersql/) Microsoft SQL Server website (http://www.microsoft.com/en-us/server-cloud/products/sql-server/) |
The Microsoft SQL Server DSM can collect other types of events. For more information about other Microsoft SQL Server event formats, see the Microsoft SQL Server topic in the DSM Configuration Guide.
To collect LOGbinder events from Microsoft SQL Server, use the following steps:
- If automatic updates are not enabled, download the most recent version of the
following RPMs from the IBM® Support Website:
- DSMCommon RPM
- Microsoft SQL Server DSM RPM
- Configure your LOGbinder SQL system to send Microsoft SQL Server event logs to QRadar.
- If the log source is not automatically created, add a Microsoft SQL Server DSM
log source on the QRadar
Console. The following table describes the parameters that require specific
values that are required for LOGbinder event collection:
Table 2. Microsoft SQL Server log source parameters for LOGbinder event collection Parameter Value Log Source type Microsoft SQL Server Protocol Configuration Syslog