Enabling statistics messages
WinCollect 10 can send agent statistics to IBM® QRadar® in the form of status messages.
Procedure
- Click .
- In the Status Message section, select Statistics.
- Click Save.
- Deploy your changes. WinCollect 10 starts sending status messages to your status server.
Example
<13>Jan 29 13:06:00 WCDEMODC LEEF:1.0|IBM|WinCollect|10.0.0.106|2|src=WCDEMODC
os=Windows Server 2016 (Build 17763 64-bit) dst=wc1.canlab.ibm.com sev=3
log=System.WinCollect.Statistics msg=Target.QRadar=0 UserData.DiskSpaceUsed=0
After you enable some sources, the status messages show events that are collected from multiple sources. In this example, msg=FromSources=3 indicates that events are collected from three sources:
<13>Jan 29 13:22:00 WCDEMODC LEEF:1.0|IBM|WinCollect|10.0.0.106|2|src=WCDEMODC
os=Windows Server 2016 (Build 17763 64-bit) dst=wc1.canlab.ibm.com sev=3
log=System.WinCollect.Statistics msg=FromSources=3 Target.QRadar=3
UserData.DiskSpaceUsed=0
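A parser for the statistics messages shown above, with a check that lists agents whose latest message reports no collecting sources. This is an added example, not IBM code; the function names, the single-line joining of the samples, and the treatment of a missing FromSources counter as 0 are assumptions.

```python
import re

# The page's two sample messages, each joined onto one line (assumption: the
# line breaks on the page are layout wrapping; attributes are space-separated).
COMMON = ("WCDEMODC LEEF:1.0|IBM|WinCollect|10.0.0.106|2|src=WCDEMODC "
          "os=Windows Server 2016 (Build 17763 64-bit) dst=wc1.canlab.ibm.com "
          "sev=3 log=System.WinCollect.Statistics ")
SAMPLE_BEFORE = ("<13>Jan 29 13:06:00 " + COMMON +
                 "msg=Target.QRadar=0 UserData.DiskSpaceUsed=0")
SAMPLE_AFTER = ("<13>Jan 29 13:22:00 " + COMMON +
                "msg=FromSources=3 Target.QRadar=3 UserData.DiskSpaceUsed=0")

SYSLOG = re.compile(r"^<\d+>(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) (?P<leef>LEEF:.*)$")
# Attribute names seen in the samples. A name only starts a new attribute at a
# space boundary, so values such as the os string may themselves contain spaces.
ATTR = re.compile(r"(?:^| )(src|os|dst|sev|log|msg)=")

def parse_statistics(line):
    """Parse one WinCollect statistics status message into a dict."""
    m = SYSLOG.match(line.strip())
    if not m:
        raise ValueError("not a syslog-framed LEEF message")
    parts = m["leef"].split("|", 5)  # LEEF version, vendor, product, version, event ID, attributes
    if len(parts) != 6 or parts[2] != "WinCollect":
        raise ValueError("unexpected LEEF header")
    body, attrs = parts[5], {}
    hits = list(ATTR.finditer(body))
    for i, h in enumerate(hits):
        last = h.group(1) == "msg" or i + 1 == len(hits)
        attrs[h.group(1)] = body[h.end():] if last else body[h.end():hits[i + 1].start()]
        if last:
            break  # msg runs to the end of the line
    if attrs.get("log") != "System.WinCollect.Statistics" or "msg" not in attrs:
        raise ValueError("not a statistics status message")
    # msg holds the counters as nested name=value pairs
    pairs = (p.split("=", 1) for p in attrs["msg"].split() if "=" in p)
    stats = {k: int(v) if v.isdigit() else v for k, v in pairs}
    return {"host": m["host"], "time": m["ts"], "agent_version": parts[3],
            "dst": attrs.get("dst"), "stats": stats}

def agents_without_sources(lines):
    """Hosts whose most recent message reports no collecting sources.
    Assumption: a missing FromSources counter, as in the first sample, means 0."""
    latest = {}
    for line in lines:  # later lines overwrite earlier ones for the same host
        rec = parse_statistics(line)
        latest[rec["host"]] = rec["stats"].get("FromSources", 0)
    return sorted(host for host, n in latest.items() if n == 0)
```

Run over the status messages received by the status server, agents_without_sources flags hosts that are still reporting in but not collecting from any source.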