BalaBit IT Security for Microsoft Windows Events

The Microsoft Windows Security Event Log DSM in IBM® QRadar® can accept Log Event Extended Format (LEEF) events from BalaBit's Syslog-ng Agent.

The BalaBit Syslog-ng Agent forwards the following Windows events to QRadar by using syslog:

  • Windows security
  • Application
  • System
  • DNS
  • DHCP
  • Custom container event logs

Before you can receive events from BalaBit IT Security Syslog-ng Agents, you must install and configure the agent to forward events.

Before you begin

Review the following configuration steps before you configure the BalaBit Syslog-ng Agent:

  1. Install the BalaBit Syslog-ng Agent on your Windows host. For more information, see your BalaBit Syslog-ng Agent documentation.
  2. Configure Syslog-ng Agent events.
  3. Configure QRadar as a destination for the Syslog-ng Agent.
  4. Restart the Syslog-ng Agent service.
  5. Optional: Configure the log source in QRadar.