Ensure that the Windows-based computer that hosts the WinCollect 10 agent meets the minimum hardware and software requirements

You can install a new WinCollect 10 stand-alone agent by using the Quick Installation or Advanced Installation options. You can also upgrade an existing WinCollect 7.3.0 or later stand-alone agent to the latest version of WinCollect 10.

The WinCollect 10 stand-alone console is automatically installed when you install WinCollect 10.

A source is any log file or event channel on a Windows-based host that you configure WinCollect 10 to collect events from. Sources can be either local or remote.

Destinations are any IBM® QRadar® appliance in your deployment where you want to send your event data. You can send syslog event data using UDP, TCP, or TLS protocols.

Use the Credentials section of the console to add the user accounts that you need.

This article shows you how to enable debug level logging for WinCollect.

For event logs, is there a limit to the size of a Syslog message that QRadar can accept?

WinCollect payloads sent from standalone or managed WinCollect agents will use the protocol defined by the destination.

Why do some Windows events that are remotely polled by WinCollect unexpectedly report a Source and Destination IP address of the WinCollect agent itself?

When I search in QRadar, I do not see data returned in the user interface when I search for my log source in the Log Activity. What might cause this issue?

WinCollect Configuration Console stand alone implementation is not accepting dashes in the domain name.

WinCollect agents can experience an error code 0x0000: ‘Failed to switch security credentials for event log’, This error message is typically associated with a login error.

My WinCollect agents are generating error codes for 0x0005 access denied. Why am I seeing error code 0x0005 from my WinCollect agents?

What to do when a WinCollect Agent in a deployment stopped sending events and is reporting the following error in the device log of the stopped agent: “Error code 0x06B5: The interface is unknown.”

How to troubleshoot RPC issues with my WinCollect agent?

The WinCollect Agent and Log Source are configured using default values and an error Code 0x06D9 is displayed in the Windows device logs.

Why does my WinCollect agent send syslog messages that it cannot read the environment or cannot read the remote registry to format Windows logs properly?