LOGbinder SP event collection from Microsoft SharePoint
The IBM® QRadar® DSM for Microsoft SharePoint can collect LOGbinder SP events.
The following table identifies the specifications for the Microsoft SharePoint DSM when
the log source is configured to collect LOGbinder SP events:
| Specification | Value |
|---|---|
| Manufacturer | Microsoft |
| DSM name | Microsoft SharePoint |
| RPM file name | DSM-MicrosoftSharePoint-QRadar_version-build_number.noarch.rpm |
| Supported versions | LOGbinder SP V4.0 |
| Protocol type | Syslog LEEF |
| QRadar recorded event types | All events |
| Automatically discovered? | Yes |
| Included identity? | No |
| More information | http://office.microsoft.com/en-sg/sharepoint/
(http://office.microsoft.com/en-sg/sharepoint/) http://www.logbinder.com/products/logbindersp/ (http://www.logbinder.com/products/logbindersp/) |
The Microsoft SharePoint DSM can collect other types of events. For more information about other Microsoft SharePoint event formats, see the Microsoft SharePoint topic in the DSM Configuration Guide.
To collect LOGbinder events from Microsoft SharePoint, use the following steps:
- If automatic updates are not enabled, download the most recent version of the
following RPMs from the IBM Support Website:
- DSMCommon RPM
- Microsoft SharePoint DSM RPM
- Configure your LOGbinder SP system to send Microsoft SharePoint event logs to QRadar.
- If the log source is not automatically created, add a Microsoft SharePoint DSM
log source on the QRadar
Console. The following table describes the parameters that require specific
values that are required for LOGbinder event collection:
Table 2. Microsoft SharePoint log source parameters for LOGbinder event collection Parameter Value Log Source type Microsoft SharePoint Protocol Configuration Syslog