We are testing logbinder for SQL and have a small problem.
We are collecting logs from a SQL and are sending them to a Qradar, the Qradar does however see the events coming from the Logbinder server (that is not the same as the SQL server).
The reason for that is Qradar can’t identify a log source within the event, it usually does that with an IP and there are not any source IP in the event. Have you seen the problem before and maybe have a workaround?
Since we would like the Logbinder for SQL to have multiple inputs from several SQL servers we would like to identify every source on its own.