page-brochureware.php
QRadar 101
Open Here
WinCollect 7 Administrators can use WinCollect to capture Windows-based events for QRadar SIEM administrators. WinCollect 7.3.1-122 (7.5.0 UP12 and later) WinCollect 7.3.1-43 (7.5.0 UP8 to UP11) WinCollect 7.3.1-28 (7.5.0 UP4 to UP7)

Important Notices


Upgrade information curated by the QRadar Support team. Review this list for important upgrade APARs, and notices for administrators.



Search for additional known issues

DT269649: Closed

WinCollect 7 agents cannot receive updates from encrypted QRadar Managed Hosts with 7.5.0 UP7 IF5

DT195832: Closed

After upgrading to 7.5.0 UP4, WinCollect 7.4.x agents can experience management or configuration change error

DT257945: Open

Auto-discovered Log source may be created by QRadar before WinCollect can configure the correct Managed WinCollect Log source

DT252120: Open

WinCollect can generate two instances of the same event with two different event type values

DT251882: Open

Managed WinCollect agents can fail to reconnect automatically after a connection is forcibly closed

Troubleshooting Help

CONFIGURATION

How to convert managed WinCollect to Stand-alone for QRadar on Cloud migrations How to change the port used to manage WinCollect agents How do I use WinCollect to import DNS Debug logs?10 Changing the default WinCollect Agent name results in alog source not being assigned Windows events and asset information Windows events truncated due to payloads > 4,098 bytes? WinCollectSvc: Could not restart agent process after unexpected exit

WINCOLLECT ERROR MESSAGES

ERROR: This patch was meant for a different version (7.3, 7.3.0) Error message: Configuration file fingerprints don’t match Error code 0x0000: Failed to switch security credentials for event log Error code 0x06BA: RPC server is unavailable Error code 0x0005: Access denied Error code 0x06B5: The interface is unknown Error Code 9329: The requested address is not valid Error code 0x80000003: Configuration server registration failed with response code Error code 0x80000004: Agent Upgrades Fails with Timeout Error Error code 0x80000007: Configuration server registration failed with response code Error code 0x06D9: There are no more endpoints available from the endpoint mapper

WinCollect Resources


Technical articles and resources for WinCollect users.


Wincollect guide

Collecting logs to get WinCollect support assistance

Log Source Event Rates & Tuning Profiles

About WinCollect Event Filtering

Troubleshooting incoming events in QRadar

WinCollect: Incomplete Event Payload

Usernames show N/A in the user interface

GitHub: Event Log Reporting Tool

Microsoft: How to limit dynamic ports for RPC calls

Expert Blogs Stay up to date with the latest posts.

New! Agent Install with TLS Destination

This blog describes how to install a WinCollect agent using both the installer UI and command line to use TLS syslog to send events to your QRadar deployment.

WinCollect blog
Monitoring WinCollect agents

This blog describes how to use Custom Event Properties (CEPs), rules, AQL, and reference sets to monitor WinCollect managed and standlone agents in a Pulse dashboard.

WinCollect blog
Adding Device Types to Stand-alone WinCollect

This blog describes how to deploy an additional “plugin-in/service” without the need to install the stand-alone patch installer on each Windows host.

WinCollect blog
Install WinCollect to Include XPath Queries

This blog post informs users how to install a Stand-alone WinCollect 7.2.8 agent from the command line to create a log source containing an XPath Query

WinCollect blog
Install WinCollect to Include NSA Filters

How to install a Stand-alone WinCollect 7.2.8 agent from the command line to create a log source containing the NSA filter in your log source.

WinCollect Information
DNS Server Analytic WinCollect Configurations

This blog post guides administrators through a how-to administrators can follow when they attempt to configure WinCollect to collect DNS Server Analytic logs for the first time.

WinCollect blog
Stand-alone WinCollect and Template XML Installs

Templates allow administrators to deploy stand-alone agent configurations without having to manually alter the Agentconfig.xml or script changes.

WinCollect Information
Bulk Editing in WinCollect & Log Source Management

Leverage the power of Log Source Management app from the X-force App Exchange to easily edit your WinCollect log sources

WinCollect Information
Still Experiencing an Issue? To receive help on a WinCollect issue, ensure that you complete the following steps and add the information to the case: Step 1 Collect logs from your WinCollect agent experiencing an issue. Step 2 Collect logs from your QRadar Console. Step 3 Open a case with QRadar Support. Step 4

Describe your issue and any troubleshooting steps you attempted.

 Step 5

If possible, describe any recent administrator actions, such as a configuration restore or upgrade.

Step 6

Ensure that your case includes contact information, such as your email or phone number.

Explore QRadar 101

QRadar home

Return to the QRadar 101 homepage
Applications

Learn about QRadar apps
Deploy changes

Learn about deploying changes to QRadar
Disk Space

Learn about managing QRadar disk space
Software

Download software for QRadar
Support Assistance

Read our support policies
Support tools

Browse CLI tools to help with troubleshooting
Technotes

Browse a directory of our technical notes
Installs and Upgrades

Learn about installing and upgrading QRadar
Known issues

See current and fixed issues with QRadar
image

IBM prides itself on delivering world class software support with highly skilled, customer-focused people.


Return to 101 home

Contact Support

Asia Pacific Europe Latin America North America Middle East and Africa

Back to top