Before the Syslog-ng Agent can forward LEEF-formatted events, you must restart the Syslog-ng Agent service on the Windows host.
Procedure
- From the Start menu, select Run.
  The Run window is displayed.
- Type the following text:
- Click OK.
  The Services window is displayed.
- In the Name column, right-click on Syslog-ng Agent for Windows, and select Restart.
After the Syslog-ng Agent for Windows service restarts, the configuration is complete. Syslog events from the BalaBit Syslog-ng Agent are automatically discovered by IBM® QRadar®. The Windows events that are automatically discovered are displayed as Microsoft Windows Security Event Logs on the Log Activity tab.