Migrating from Adaptive Log Exporter to WinCollect

To migrate from Adaptive Log Exporter (ALE) deployments to WinCollect, install the WinCollect agent, create a log source, and decommission ALE on the Windows host. The ALE product is end of life (EOL), and is no longer supported.

1. Install the WinCollect SFS on the IBM® QRadar® SIEM Console.
2. Click the Admin tab.
3. From the Data Sources, click Wincollect.
4. On the WinCollect page, create a WinCollect destination by clicking Destinations > Add.
5. Install the WinCollect agent on the Windows host. For more information, see Installing the WinCollect agent on a Windows host.
   Note: You can create a log source from the WinCollect installation wizard.
6. Wait for the WinCollect agents to auto discover.
7. Optional. Create a WinCollect log source in QRadar to replace the existing log source that is used by the Adaptive Log Exporter. For more information, see Adding a log source to a WinCollect agent.
   Note: You can skip step 7 if Create Log Source was selected during the installation of WinCollect. Log sources that use the WinCollect protocol can be created individually or added in bulk for WinCollect agents that remotely poll for events.
8. In the Log Activity tab, verify that events are received.
9. Decommission the Adaptive Log Exporter:
   1. Close all active applications on the Windows host.
   2. Open the Windows command prompt.
   3. Go to the installation directory for the Adaptive Log Exporter.
      Note: ALE standard installation directory is the Program Files or Program Files (x86) directory.
   4. To uninstall the Adaptive Log Exporter, type the following command:

      unins000.exe /SILENT /VERYSILENT