IBM Support

IV96608: WINCOLLECT 7.2.6 STOPS COLLECTING EVENTS ON WINDOWS COMPUTERS AFTER THEY REBOOT/RESTART

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • It has been observed that WinCollect 7.2.6 stops collecting
    events from a monitored Microsoft Windows computer after that
    computer is rebooted.
    The issue has been identifed as being related to the use of
    MSEVEN6 configurations in the Log Source configuration.
    MSEVEN6 is configured to be used by default for polling Windows
    computers when WinCollect 7.2.6 is installed.
    

Local fix

  • Switching the Log Source configuration to use MSEVEN instead of
    MSEVEN6 corrects this issue.
    

Problem summary

  • It has been observed that WinCollect 7.2.6 stops collecting
    events from a monitored Microsoft Windows computer after that
    computer is rebooted.
    The issue has been identifed as being related to the use of
    MSEVEN6 configurations in the Log Source configuration.
    MSEVEN6 is configured to be used by default for polling Windows
    computers when WinCollect 7.2.6 is installed.
    

Problem conclusion

  • This issue has been corrected with the release of WinCollect
    7.2.7
    
    7.2.0-QRADAR-720_QRadar_wincollectupdate-7.2.0.511.sfs
    
    7.3.0-QRADAR-730_QRadar_wincollectupdate-7.3.0.106.sfs
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV96608

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    720

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-05-25

  • Closed date

    2017-09-08

  • Last modified date

    2017-09-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

  • R727 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"720","Edition":""}]

Document Information

Modified date:
08 September 2017