Creating a remote source

To collect events from a different device that doesn't have the WinCollect 10 agent installed, create a Remote source.

1. Click Create Source.
2. Select the Remote Type:

   Option	Description
   Single	Add one remote source.
   Bulk	Add up to 500 remote sources.

3. Select or create a Source Group to keep your related sources together.
   You can edit sources in bulk that are in the same group.
4. Select a Source Type.
   The Source Type defines the type of logs you want to collect. For example, if you want to collect standard Windows events then select Microsoft Windows Events.
5. Configure the Source Parameters.

   Microsoft Windows Events

   Monitor common event channels within the Windows event logging system, including XML queries (XPath).

6. Enable the channels that you want to collect from.
7. Select Credentials.
   A credential contains login information that the WinCollect agent uses to connect to remote devices.
8. Select Bulk Add Devices.
   You can either upload a text file with a list of devices to add one per line, or manually enter them one at a time and click Add. Bulk Template file example (WinCollectBulkAddSample.txt)

   172.18.100.200
   172.18.100.201
   test.example.net.workstation1
   172.18.100.202
   172.16.200.100
   172.16.200.101
   test.example.net.workstation2
   172.18.200.102

9. To perform a connection test, select the devices that you want to test.
   The test is performed when you proceed to the next step.

   Note: A failed connection can take up to 20 seconds to time out.
10. Select a Destination.
    WinCollect destinations define the parameters for how the WinCollect agent forwards events and logs to an IBM® QRadar® appliance.

    Tip: If you select an existing destination that is disabled, the wizard enables it while configuring the source.
11. Click Summary to view a list of the changes you made.
12. Click Apply.