You can increase the payload size for UDP syslog destinations in the Agent Configuration
file.
About this task
The default payload size for UDP destination packages is 1,024 bytes. You can increase the
payload size for a stand-alone WinCollect
agent by adding a parameter in the Agent Configuration file.
Important: After you change the payload size for the WinCollect agent, you must increase the
maximum UDP payload size in QRadar®.
Procedure
-
Open the Agent Configuration XML file.
The default path to this file is
WinCollect\config\AgentConfig.xml.
-
Add the following parameter to the
UDPSendStage module:
<Parameter name="MaxPayloadSize" value="<desired value>" />
Example of the
module:
<Module order="4" service_name="UDPSendStage">
<Environment>
<Parameter value="<Destination IP>" name="TargetAddress"/>
<Parameter value="514" name="TargetPort"/>
<Parameter name="MaxPayloadSize" value="4096"/>
</Environment>
</Module>
-
Save the file, and restart the WinCollect agent.
What to do next
After you change the payload size for the WinCollect agent, you must increase the
maximum UDP payload size in QRadar. For more information on
increasing payload size in QRadar, see TCP and UDP Syslog maximum payload message length for QRadar appliances.