WinCollect terminology
Definitions of terms commonly used in WinCollect 10 documentation.
- Advanced installer
- Select the Advanced option on the WinCollect graphical installer to specify which WinCollect 10 components to install and where to install them.
- Advanced UI
- Turn on this feature to see advanced settings in the WinCollect Console.
- Agent settings
- Use Agent settings to configure specific agent settings, such as the Agent Identifier and where to send status messages.
- Destination
- Destinations are where you want to send your event data. You can send syslog event data using UDP, TCP, or TLS protocols. A destination can be any IBM® QRadar® appliance in your deployment.
- Identifier
- The agent identifier is usually the hostname value from the environment settings.
- Local source
- A source that is configured to collect data that is local to where the agent is installed.
- Log configuration
- Increase or decrease the level of logging. For example, set logging to DEBUG.
- Remote source
- A source that is configured to collect data that is not local to where the agent is installed. A remote source requires credentials and a device name to collect the remote events.
- Secondary destination
- You can add a secondary destination to receive events from your WinCollect agents if the primary destination fails.
- Service status
- In the Service Status section of the console, you can quickly see the status of the WinCollect agent service.
- Source
- A source is similar to a log source, except that unlike some prior WinCollect log sources (such as Microsoft Security Event Logs), which collected data from one to many sources (Security, System, or Application event channels), WinCollect 10 uses single sources. For example, if you want to collect Security events, that is one source. Using sources, you can apply configuration changes at a lower level. For example, instead of collecting events for all channels at 3 seconds, you can configure different polling intervals based on how busy each channel is.
- Stand-alone
- A stand-alone deployment is a Windows host in unmanaged mode with WinCollect software installed. The Windows host can either gather information from itself, the local host, or remote Windows hosts.
- Status messages
- WinCollect 10 can send agent status information (e.g., Service is stopping or starting) to QRadar in the form of status messages.
- Support files
- The Collect Support Files option collects and compresses the necessary WinCollect configuration and log files and saves them to the log folder. You can then upload this file to a support case with IBM Support.
- Update script
- You can use update scripts to change the agent configuration without making manual changes to the AgentConfig.xml file or using the Configuration console. When you copy an update script to the WinCollect patch directory, the agent completes the actions described in your script.