Configuring the DbProtect LEEF Relay

After you install the DbProtect LEEF Relay module, configure the service to forward events to IBM® QRadar®.

Before you begin

Stop the DbProtect LEEF Relay service before you edit any configuration values.

Procedure

  1. Log in to the DbProtect LEEF Relay server.
  2. Access the C:\Program Files (x86)\AppSecInc\AppSecLEEFConverter directory.
  3. Edit the AppSecLEEFConverter.exe.config file. Configure the following values:
    | Parameter | Description |
    | --- | --- |
    | SyslogListenerPort | The port number that the DbProtect LEEF Relay uses to listen for syslog messages from the DbProtect console. |
    | SyslogDestinationHost | The IP address of your QRadar Console or Event Collector. |
    | SyslogDestinationPort | 514 |
    | LogFileName | A file name for the DbProtect LEEF Relay to write debug and log messages. The LocalSystem user account that runs the DbProtect LEEF Relay service must have write privileges to the file path that you specify. |
  4. Save the configuration changes to the file.
  5. On the desktop of the DbProtect console, select Start > Run.
  6. Type the following command:

    services.msc

  7. Click OK.
  8. In the details pane of the Services window, verify the DbProtect LEEF Relay is started and set to automatic startup.
  9. To change a service property, right-click the service name, and then click Properties.
  10. Using the Startup type list, select Automatic.
  11. If the DbProtect LEEF Relay is not started, click Start.
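
The following PowerShell sketch is an added example, not part of the original procedure or the vendor's tooling. It checks the four values from step 3 and then performs the service checks from steps 8 to 11 from an elevated prompt. It assumes that the file stores its settings as standard .NET `<appSettings>` `<add key="..." value="..."/>` entries and that the service can be found by a display name containing "LEEF Relay"; neither detail is confirmed by this page.

```powershell
# Added example. Assumption: settings live under /configuration/appSettings as <add key value>.
$configPath  = 'C:\Program Files (x86)\AppSecInc\AppSecLEEFConverter\AppSecLEEFConverter.exe.config'
$displayName = '*LEEF Relay*'   # assumption: display name pattern, adjust to what services.msc shows

[xml]$config = Get-Content -LiteralPath $configPath -Raw
$settings = @{}
foreach ($node in $config.SelectNodes('/configuration/appSettings/add')) {
    $settings[$node.GetAttribute('key')] = $node.GetAttribute('value')
}

$problems = @()
foreach ($name in 'SyslogListenerPort', 'SyslogDestinationHost', 'SyslogDestinationPort', 'LogFileName') {
    if ([string]::IsNullOrWhiteSpace($settings[$name])) { $problems += "$name is missing or empty" }
}
$port = 0
if ($settings['SyslogListenerPort'] -and
    -not ([int]::TryParse($settings['SyslogListenerPort'], [ref]$port) -and $port -ge 1 -and $port -le 65535)) {
    $problems += 'SyslogListenerPort is not a valid port number'
}
$ip = $null
if ($settings['SyslogDestinationHost'] -and
    -not [System.Net.IPAddress]::TryParse($settings['SyslogDestinationHost'], [ref]$ip)) {
    $problems += 'SyslogDestinationHost is not an IP address'
}
if ($settings['SyslogDestinationPort'] -and $settings['SyslogDestinationPort'] -ne '514') {
    $problems += 'SyslogDestinationPort is not 514'
}
# Only checks that the log directory exists; LocalSystem write access must still be confirmed.
if ($settings['LogFileName']) {
    $logDir = Split-Path -Path $settings['LogFileName'] -Parent
    if ($logDir -and -not (Test-Path -LiteralPath $logDir -PathType Container)) {
        $problems += "Log directory does not exist: $logDir"
    }
}
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Fix the configuration before starting the relay.'
}

# Steps 8 to 11: set automatic startup, then start the service if it is not running.
$service = @(Get-Service -DisplayName $displayName)
if ($service.Count -ne 1) { throw "Expected one matching service, found $($service.Count)." }
Set-Service -Name $service[0].Name -StartupType Automatic
if ($service[0].Status -ne 'Running') { Start-Service -Name $service[0].Name }
Get-Service -Name $service[0].Name | Select-Object Name, Status, StartType
```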

What to do next

Configuring DbProtect alerts