JDBC log source parameters for Microsoft Share Point
|Log Source type||Microsoft SharePoint|
|Log Source Identifier||
Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol.
If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2.
From the list, select MSDE.
Type WSS_Logging as the name of the Microsoft SharePoint database.
|IP or Hostname||
Type the IP address or host name of the Microsoft SharePoint SQL Server.
Type the port number that is used by the database server. The default port for MSDE is 1433.
The JDBC configuration port must match the listener port of the Microsoft SharePoint database. The Microsoft SharePoint database must have incoming TCP connections that are enabled to communicate with QRadar.
If you define a Database Instance when you use MSDE as the database type, you must leave the Port parameter blank in your configuration.
Type AuditEvent as the name of the table or view that includes the event records.
Type EventTime as the compare field. The compare field is used to identify new events added between queries to the table.
For a complete list of JDBC protocol parameters and their values, see JDBC protocol configuration options.