WinCollect 101 Administrators can use WinCollect to capture Windows-based events for QRadar SIEM administrators. Find my Version

Select your version

WinCollect is a Syslog event forwarder that administrators can use to forward events from Windows logs to QRadar®. WinCollect can collect events from systems locally or be configured to remotely poll other Windows systems for events. WinCollect uses the Windows Event Log API to gather events, and then WinCollect sends the events to QRadar.

Explore QRadar 101

QRadar home

Return to the QRadar 101 homepage


Learn about QRadar apps

Deploy changes

Learn about deploying changes to QRadar

Disk Space

Learn about managing QRadar disk space


Download software for QRadar

Support Assistance

Read our support policies

Support tools

Browse CLI tools to help with troubleshooting


Browse a directory of our technical notes

Installs and Upgrades

Learn about installing and upgrading QRadar

Known issues

See current and fixed issues with QRadar

IBM prides itself on delivering world class software support with highly skilled, customer-focused people.

Return to 101 home
Contact Support Find your regional support contact

Give Feedback