Configure Juniper Networks Steel-Belted Radius to forward Windows events to QRadar
You can forward Windows events to IBM® QRadar® by using WinCollect.
To forward Windows events by using WinCollect, install WinCollect agent on a Windows host. Download the WinCollect agent setup file from the IBM Support website (https://www.ibm.com/support). Add a Juniper Steel-Belted Radius log source and assign it to the WinCollect agent.
| Parameter | Value |
|---|---|
| Log Source type | Juniper Steel-Belted Radius |
| Protocol Configuration | WinCollect Juniper SBR |
| Log Source Identifier | The IP address or host name of the Windows device from which you want to collect Windows events. The log source identifier must be unique for the log source type. |
| Local System |
Select the Local System check box to disable the remote collection of events for the log source. The log source uses local system credentials to collect and forward logs to QRadar. You need to configure the Domain, Username, and Password parameters if remote collection is required. |
| Polling Interval | The interval, in milliseconds, between times when WinCollect polls for new events. |
| Enable Active Directory Lookups | Do not select the check box. |
| WinCollectAgent | Select your WinCollect agent from the list. |
| Target Internal Destination | Use any managed host with an event processor component as an internal destination. |
For more information about WinCollect log source parameters, see the Common WinCollect log source parameters documentation (https://www.ibm.com/docs/en/SS42VS_SHR/com.ibm.wincollect.doc/r_ug_wincollect_comon_parameters.html).