BalaBit IT Security for Microsoft Windows Events
The Microsoft Windows Security Event Log DSM in IBM® QRadar® can accept Log Event Extended Format (LEEF) events from BalaBit's Syslog-ng Agent.
The BalaBit Syslog-ng Agent forwards the following Windows events to QRadar by using syslog:
- Windows security
- Custom container event logs
Before you can receive events from BalaBit IT Security Syslog-ng Agents, you must install and configure the agent to forward events.
Before you begin
Review the following configuration steps before you configure the BalaBit Syslog-ng Agent:
- Install the BalaBit Syslog-ng Agent on your Windows host. For more information, see your BalaBit Syslog-ng Agent documentation.
- Configure Syslog-ng Agent Events.
- Configure QRadar as a destination for the Syslog-ng Agent.
- Restart the Syslog-ng Agent service.
- Optional. Configure the log source in QRadar.