Collecting remote Windows logs

This use case scenario describes the settings that are required in the WinCollect Configuration Console to collect Windows logs from hosts that do not have the WinCollect agent installed, and to send those logs to IBM® QRadar®.

About this task

Note: WinCollect does not support reverting Citrix Virtual Machines that are polled remotely.

Procedure

  1. Install the WinCollect Configuration Console on the Windows machine that collects the log information. Download the patch from IBM Support (www.ibm.com/support/fixcentral).
  2. Create a credential to use when you log in to remote hosts. See Creating a WinCollect credential.
  3. Create the QRadar destination where Windows events are sent. See Adding a destination to the WinCollect Configuration Console.
  4. Configure the devices that are monitored. See Adding a device to the WinCollect Configuration Console.
    Important: In the Device Address field, type the IP address or hostname of the remote Windows system that you want to poll for events.
  5. Click Deploy Changes under Actions.
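Before you click Deploy Changes, it is worth confirming from the collector host that the three things the procedure depends on actually work: the Device Address resolves, the remote host's event log service is reachable, and the account saved as the WinCollect credential can read the logs you intend to poll. The following PowerShell script is an added pre-flight check written for this page; it is not part of the IBM procedure or of WinCollect itself. It assumes that remote polling of Windows event logs rides on MS-RPC (TCP 135 plus dynamic ports) and that the QRadar destination receives syslog on TCP 514; the host names passed in are placeholders for your own values.

```powershell
# Added pre-flight check (not part of the IBM procedure or WinCollect).
# Run on the collector host that has the WinCollect Configuration Console installed,
# using the same account you saved as the WinCollect credential.
# Assumptions: remote event log access uses MS-RPC (TCP 135 + dynamic ports) and the
# QRadar destination listens for syslog on TCP 514. Adjust the parameters to your site.
param(
    [Parameter(Mandatory)][string]$RemoteHost,   # value you will type in Device Address
    [Parameter(Mandatory)][string]$QRadarHost,   # address of the QRadar destination
    [int]$QRadarPort = 514,                      # syslog port configured on the destination
    [string[]]$Logs = @('Security', 'System', 'Application')
)

# Prompt for the account that the WinCollect credential will use on the remote host.
$cred = Get-Credential -Message "Account used in the WinCollect credential for $RemoteHost"

$results = [ordered]@{}

# 1. Name resolution: the Device Address must resolve from the collector host.
#    GetHostAddresses also accepts a literal IP address, so either form works.
try {
    $ip = ([System.Net.Dns]::GetHostAddresses($RemoteHost) | Select-Object -First 1).IPAddressToString
    $results['Resolve'] = "OK ($ip)"
} catch {
    $results['Resolve'] = "FAIL: $($_.Exception.Message)"
}

# 2. RPC endpoint mapper reachability. A firewall that blocks 135 (or the dynamic
#    RPC range) is the most common reason remote polling silently returns nothing.
$rpc = Test-NetConnection -ComputerName $RemoteHost -Port 135 -WarningAction SilentlyContinue
$results['RPC 135'] = if ($rpc.TcpTestSucceeded) { 'OK' } else { 'FAIL' }

# 3. Can the credential actually read each log the device will poll?
#    Get-WinEvent -ListLog performs a remote read with the supplied credential, so an
#    access-denied here means the account lacks Event Log Readers membership or
#    equivalent rights on the remote host.
foreach ($log in $Logs) {
    try {
        $info = Get-WinEvent -ListLog $log -ComputerName $RemoteHost -Credential $cred -ErrorAction Stop
        $results["Read $log"] = "OK ($($info.RecordCount) records)"
    } catch {
        $results["Read $log"] = "FAIL: $($_.Exception.Message)"
    }
}

# 4. Path from the collector host to the QRadar destination. This only proves a TCP
#    path; if the destination uses UDP syslog, verify arrival on the QRadar side instead.
$dest = Test-NetConnection -ComputerName $QRadarHost -Port $QRadarPort -WarningAction SilentlyContinue
$results["QRadar $QRadarPort"] = if ($dest.TcpTestSucceeded) { 'OK' } else { 'FAIL' }

# Print a one-line-per-check summary.
$results.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }
```

Run it as `.\Check-WinCollectPolling.ps1 -RemoteHost <device address> -QRadarHost <destination>`; every row should read OK before you deploy. A FAIL on the Read rows with an access-denied message points at the credential or the remote account's rights rather than at the WinCollect configuration, which saves a round of guessing once Deploy Changes has been clicked and no events appear in the Log Activity tab.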