This use case scenario describes the settings required to collect logs from the host where the WinCollect Configuration Console is installed, and send them to IBM® QRadar®.
Procedure
- Install the WinCollect Configuration Console on the host from which you want to collect Windows logs. Download the patch from IBM Support (www.ibm.com/support/fixcentral).
- Create a destination for the QRadar instance where you want to send WinCollect information. See Adding a destination to the WinCollect Configuration Console.
- Configure the local Microsoft event log device that is monitored. See Adding a device to the WinCollect Configuration Console.
  Important: In the Device Address field, type the IP address or hostname of the local Windows system that you want to poll for events.
- Click Deploy Changes under Actions.