Configuring ESET Remote Administrator to communicate with QRadar

Configure your ESET Remote Administrator (ERA) server to send LEEF-formatted syslog events to IBM QRadar.

About this task

To complete the configuration, you must enable the Syslog server, and then configure the logging settings.
Note:
The required parameters listed in the following steps are configured in the Server Settings pane. To see a graphic, go to the ESET website (http://help.eset.com/era_admin/64/en-US/index.html?admin_server_settings_export_to_syslog.htm).

Procedure

  1. Log in to your ERA web console.
  2. In the Admin navigation pane, click Server Settings.
  3. In the SYSLOG SERVER area, select the Use Syslog server check box.
  4. In the Host field, type the host name for your QRadar Event Collector.
  5. In the Port field, type 514.
  6. In the LOGGING area, select the Export logs to Syslog check box.
  7. From the Exported logs format list, select LEEF.
  8. Click Save.
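
To check the result of this procedure, the following added example (not part of the original page, and not ESET or IBM code) parses a syslog line captured on the receiving side and confirms that its payload is LEEF rather than another export format. It goes beyond the page by also accepting the LEEF 2.0 delimiter field; the sample lines, host name, vendor and product strings are constructed placeholders, not real ERA output.

```python
import re

# LEEF header: LEEF:<ver>|<vendor>|<product>|<product version>|<event id>|
# LEEF 2.0 may add one more field naming the attribute delimiter.
LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
HEX_DELIM = re.compile(r"(?:0x|x)([0-9A-Fa-f]{1,4})$")

# Constructed sample lines (placeholders, not captured from an ERA server).
SAMPLE_LEEF = ("<14>Jan 10 12:00:00 era-host LEEF:1.0|ExampleVendor|"
               "ExampleProduct|1.0|Example_Event|cat=Example\tsev=5\tsrc=192.0.2.10")
SAMPLE_PLAIN = "<14>Jan 10 12:00:00 era-host plain syslog message"


def parse_leef(line):
    """Return the LEEF header and attributes of a syslog line, or None if not LEEF."""
    m = LEEF_START.search(line)  # skips the syslog priority/timestamp/host prefix
    if m is None:
        return None
    fields = line[m.end():].split("|", 4)
    if len(fields) != 5:
        return None  # header truncated: fewer than four fields before the attributes
    vendor, product, product_version, event_id, rest = fields
    delim = "\t"  # default attribute delimiter
    if m.group(1) == "2.0" and "|" in rest:
        candidate, tail = rest.split("|", 1)
        hex_match = HEX_DELIM.match(candidate)
        if hex_match:  # delimiter given as hex, e.g. x09 or 0x5E
            delim, rest = chr(int(hex_match.group(1), 16)), tail
        elif len(candidate) == 1:  # delimiter given as a single character
            delim, rest = candidate, tail
    attrs = {}
    for pair in rest.rstrip("\r\n").split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key] = value
    return {"leef_version": m.group(1), "vendor": vendor, "product": product,
            "product_version": product_version, "event_id": event_id,
            "attributes": attrs}


if __name__ == "__main__":
    for sample in (SAMPLE_LEEF, SAMPLE_PLAIN):
        parsed = parse_leef(sample)
        print("LEEF" if parsed else "not LEEF", parsed)
```

A line that returns None here indicates that the sender is not exporting LEEF, which points back to the Exported logs format setting in step 7.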