Important Notices
Upgrade information curated by the QRadar Support team. Review this list for important upgrade APARs, and notices for administrators.
DT269649: Closed
WinCollect 7 agents cannot receive updates from encrypted QRadar Managed Hosts with 7.5.0 UP7 IF5
DT195832: Closed
After upgrading to 7.5.0 UP4, WinCollect 7.4.x agents can experience management or configuration change error
DT257945: Open
Auto-discovered Log source may be created by QRadar before WinCollect can configure the correct Managed WinCollect Log source
DT252120: Open
WinCollect can generate two instances of the same event with two different event type values
DT251882: Open
Managed WinCollect agents can fail to reconnect automatically after a connection is forcibly closed
Troubleshooting Help
WinCollect Resources
Technical articles and resources for WinCollect users.
Collecting logs to get WinCollect support assistance
Log Source Event Rates & Tuning Profiles
About WinCollect Event Filtering
Troubleshooting incoming events in QRadar
WinCollect: Incomplete Event Payload
Usernames show N/A in the user interface
GitHub: Event Log Reporting Tool
Microsoft: How to limit dynamic ports for RPC calls
Expert Blogs
This blog describes how to install a WinCollect agent using both the installer UI and command line to use TLS syslog to send events to your QRadar deployment.
This blog describes how to use Custom Event Properties (CEPs), rules, AQL, and reference sets to monitor WinCollect managed and standlone agents in a Pulse dashboard.
This blog describes how to deploy an additional “plugin-in/service” without the need to install the stand-alone patch installer on each Windows host.
This blog post informs users how to install a Stand-alone WinCollect 7.2.8 agent from the command line to create a log source containing an XPath Query
How to install a Stand-alone WinCollect 7.2.8 agent from the command line to create a log source containing the NSA filter in your log source.
This blog post guides administrators through a how-to administrators can follow when they attempt to configure WinCollect to collect DNS Server Analytic logs for the first time.
Templates allow administrators to deploy stand-alone agent configurations without having to manually alter the Agentconfig.xml or script changes.
Leverage the power of Log Source Management app from the X-force App Exchange to easily edit your WinCollect log sources
Still Experiencing an Issue?
To receive help on a WinCollect issue, ensure that you complete the following steps and add the information to the case:
Explore QRadar 101
Return to the QRadar 101 homepage
Learn about QRadar apps
Learn about deploying changes to QRadar
Learn about managing QRadar disk space
Download software for QRadar
Read our support policies
Browse CLI tools to help with troubleshooting
Browse a directory of our technical notes
Learn about installing and upgrading QRadar
See current and fixed issues with QRadar
“IBM prides itself on delivering world class software support with highly skilled, customer-focused people. ”
Give Feedback
Give Feedback