Configuring your LOGbinder SQL system to send Microsoft SQL Server event logs to QRadar

To collect Microsoft SQL Server LOGbinder events, you must configure your LOGbinder SQL system to send events to IBM® QRadar®.

Before you begin

Configure LOGbinder SQL to collect events from your Microsoft SQL Server. For more information, see your LOGbinder SQL documentation.

Procedure

  1. Open the LOGbinder SQL Control Panel.
  2. Double-click Output in the Configure pane.
  3. Choose one of the following options:
    • Configure for Syslog-Generic output:
      1. In the Outputs pane, double-click Syslog-Generic.
      2. Select the Send output to Syslog-Generic check box, and then enter the IP address and port of your QRadar Console or Event Collector.
    • Configure for Syslog-LEEF output:
      1. In the Outputs pane, double-click Syslog-LEEF.
      2. Select the Send output to Syslog-LEEF check box, and then enter the IP address and port of your QRadar Console or Event Collector.
  4. Click OK.
  5. To restart the LOGbinder service, click the Restart icon.