page-brochureware.php
QRadar 101
WinCollect 7 Administrators can use WinCollect to capture Windows-based events for QRadar SIEM administrators. WinCollect 7.3.1-43 (7.5.0 UP8 and later) WinCollect 7.3.1-28 (7.5.0 UP4 to UP7) WinCollect 7.3.1-22 (7.5.0 UP3 or earlier)

Important Notices


Upgrade information curated by the QRadar Support team. Review this list for important upgrade APARs, and notices for administrators.



Search for additional known issues

DT269649: Closed

WinCollect 7 agents cannot receive updates from encrypted QRadar Managed Hosts with 7.5.0 UP7 IF5

DT195832: Closed

After upgrading to 7.5.0 UP4, WinCollect 7.4.x agents can experience management or configuration change error

DT257945: Open

Auto-discovered Log source may be created by QRadar before WinCollect can configure the correct Managed WinCollect Log source

DT252120: Open

WinCollect can generate two instances of the same event with two different event type values

DT251882: Open

Managed WinCollect agents can fail to reconnect automatically after a connection is forcibly closed

Troubleshooting Help

WinCollect Resources


Technical articles and resources for WinCollect users.



WinCollect Guide

Collecting logs to get WinCollect support assistance

Log Source Event Rates & Tuning Profiles

About WinCollect Event Filtering

Troubleshooting incoming events in QRadar

WinCollect: Incomplete Event Payload

Usernames show N/A in the user interface

GitHub: Event Log Reporting Tool

Microsoft: How to limit dynamic ports for RPC calls

Expert Blogs

View all blog posts
New! Agent Install with TLS Destination

This blog describes how to install a WinCollect agent using both the installer UI and command line to use TLS syslog to send events to your QRadar deployment.

 Monitoring WinCollect agents

This blog describes how to use Custom Event Properties (CEPs), rules, AQL, and reference sets to monitor WinCollect managed and standlone agents in a Pulse dashboard.

Adding Device Types to Stand-alone WinCollect

This blog describes how to deploy an additional “plugin-in/service” without the need to install the stand-alone patch installer on each Windows host.

Install WinCollect to Include XPath Queries

This blog post informs users how to install a Stand-alone WinCollect 7.2.8 agent from the command line to create a log source containing an XPath Query

 Install WinCollect to Include NSA Filters

How to install a Stand-alone WinCollect 7.2.8 agent from the command line to create a log source containing the NSA filter in your log source.

DNS Server Analytic WinCollect Configurations

This blog post guides administrators through a how-to administrators can follow when they attempt to configure WinCollect to collect DNS Server Analytic logs for the first time.

Stand-alone WinCollect and Template XML Installs

Templates allow administrators to deploy stand-alone agent configurations without having to manually alter the Agentconfig.xml or script changes.

 Bulk Editing in WinCollect & Log Source Management

Leverage the power of Log Source Management app from the X-force App Exchange to easily edit your WinCollect log sources

Still Experiencing an Issue?


To receive help on a WinCollect issue, ensure that you complete the following steps and add the information to the case:
Step 1 Collect logs from your WinCollect agent experiencing an issue. Step 2 Collect logs from your QRadar Console. Step 3 Open a case with QRadar Support. Step 4 Describe your issue and any troubleshooting steps you attempted. Step 5 If possible, describe any recent administrator actions, such as a configuration restore or upgrade. Step 6 Ensure that your case includes contact information, such as your email or phone number.

Explore QRadar 101

 QRadar home

Return to the QRadar 101 homepage

 Applications

Learn about QRadar apps

 Deploy changes

Learn about deploying changes to QRadar

 Disk Space

Learn about managing QRadar disk space

 Software

Download software for QRadar

 Support Assistance

Read our support policies

 Support tools

Browse CLI tools to help with troubleshooting

 Technotes

Browse a directory of our technical notes

 Installs and Upgrades

Learn about installing and upgrading QRadar

 Known issues

See current and fixed issues with QRadar

IBM prides itself on delivering world class software support with highly skilled, customer-focused people.


Return to 101 home
Contact Support Find your regional support contact
  Important: Administrators who upgrade to QRadar 7.5.0 Update Package 8 with managed WinCollect 7 agents must download and install 7.3.1 P3 (7.3.1-43) on their Console.

Give Feedback

Back to top