Use the WinCollect 10 Source
wizard to create a Local source if the agent is installed on the local
device.
Procedure
-
Click Create Source.
- Select or create a Source Group to keep your related sources
together.
You can edit sources in bulk that are in the same group.
- Select a Source Type.
The Source
Type defines the type of logs you want to collect. For example, if you want to collect standard Windows events then select Microsoft Windows Events.
- Configure the Source Parameters.
- Microsoft
Windows Events
- Monitor common event channels within the Windows event
logging system, including XML queries (XPath).
- Enable the channels that you want to collect from.
- Select a Destination.
WinCollect destinations define the
parameters for how the
WinCollect agent
forwards events and logs to an
IBM®
QRadar® appliance.
Tip: If you select an existing destination that is disabled, the wizard enables it while
configuring the source.
- Click Summary to view a list of the changes you made.
- Click Apply.