Creating a local source
Use the WinCollect 10 Source wizard to create a Local source if the agent is installed on the local device.
- Click Create Source.
- Select or create a Source Group to keep your related sources
together. You can edit sources in bulk that are in the same group.
- Select a Source Type. The Source Type defines the type of logs you want to collect. For example, if you want to collect standard Windows events then select Microsoft Windows Events.
- Configure the Source Parameters.
- Microsoft Windows Events
- Monitor common event channels within the Windows event logging system, including XML queries (XPath).
- Enable the channels that you want to collect from.
- Select a Destination. WinCollect destinations define the parameters for how the WinCollect agent forwards events and logs to an IBM® QRadar® appliance.Tip: If you select an existing destination that is disabled, the wizard enables it while configuring the source.
- Click Summary to view a list of the changes you made.
- Click Apply.