Configuring your LOGbinder SP system to send Microsoft SharePoint event logs to QRadar

To collect Microsoft SharePoint LOGbinder events, you must configure your LOGbinder SP system to send events to IBM® QRadar®.

Procedure

  1. Open the LOGbinder SP Control Panel.
  2. Double-click Output in the Configure pane.
  3. Choose one of the following options:
    • Configure for Syslog-Generic output:
      1. In the Outputs pane, double-click Syslog-Generic.
      2. Select the Send output to Syslog-Generic check box, and then enter the IP address and port of your QRadar Console or Event Collector.
    • Configure for Syslog-LEEF output:
      1. In the Outputs pane, double-click Syslog-LEEF.
      2. Select the Send output to Syslog-LEEF check box, and then enter the IP address and port of your QRadar Console or Event Collector.
  4. Click OK.
  5. To restart the LOGbinder service, click the Restart icon.