About WinCollect 10
Top Videos
WinCollect 10: “Setup Wizard ended prematurely” installer error
QRadar: How to install WinCollect 10
WinCollect 10: Installation and Configuration of WinCollect 10 Using Powershell
WinCollect 10: Adding a New Destination and a New Endpoint to an Existing Group
WinCollect 10: “Agentconfig” File
WinCollect 10: What is auto tuning?
WinCollect 10: Bulk configuring Windows events from 100 endpoints
WinCollect 10: Dashboard and console features
QRadar: Find your WinCollect Version
Important Technotes
Ensure that the Windows-based computer that hosts the WinCollect 10 agent meets the minimum hardware and software requirements.
You can install a new WinCollect 10 stand-alone agent by using the Quick Installation or Advanced Installation options. You can also upgrade an existing WinCollect 7.3.0 or later stand-alone agent to the latest version of WinCollect 10.
The WinCollect 10 stand-alone console is automatically installed when you install WinCollect 10.
A source is any log file or event channel on a Windows-based host that you configure WinCollect 10 to collect events from. Sources can be either local or remote.
Destinations are any IBM® QRadar® appliance in your deployment where you want to send your event data. You can send syslog event data using UDP, TCP, or TLS protocols.
Use the Credentials section of the console to add the user accounts that you need.
This article shows you how to enable debug level logging for WinCollect.
For event logs, is there a limit to the size of a Syslog message that QRadar can accept?
WinCollect payloads sent from standalone or managed WinCollect agents will use the protocol defined by the destination.
Why do some Windows events that are remotely polled by WinCollect unexpectedly report a Source and Destination IP address of the WinCollect agent itself?
When I search in QRadar, I do not see data returned in the user interface when I search for my log source in the Log Activity. What might cause this issue?
The stand-alone implementation of the WinCollect Configuration Console is not accepting dashes in the domain name.
WinCollect agents can experience an error code 0x0000: ‘Failed to switch security credentials for event log’. This error message is typically associated with a login error.
My WinCollect agents are generating error codes for 0x0005 access denied. Why am I seeing error code 0x0005 from my WinCollect agents?
What to do when a WinCollect Agent in a deployment stopped sending events and is reporting the following error in the device log of the stopped agent: “Error code 0x06B5: The interface is unknown.”
How to troubleshoot RPC issues with my WinCollect agent?
The WinCollect Agent and Log Source are configured using default values and an error code 0x06D9 is displayed in the Windows device logs.
Why does my WinCollect agent send syslog messages that it cannot read the environment or cannot read the remote registry to format Windows logs properly?
More Help
Windows Resources
Technical articles and resources for WinCollect users.
Still Experiencing an Issue?
To receive help on a WinCollect issue, ensure that you complete the following steps and add the information to the case: