Question & Answer
How do you collect needed information and logs for WinCollect agent issues?
Administrators who experience issues with WinCollect agents should submit the following information with the support ticket.
Providing a problem description
- A description of the issue, Windows operating systems, and any hostnames or IP addresses that are affected.
- I added 250 log sources by using the log source bulk add feature with WinCollect, and they recently stopped sending events. The last event time is The WinCollect agent name is ____ and the log sources that I want investigated are hostA (220.127.116.11), hostB (18.104.22.168), hostC (22.214.171.124), and hostD (126.96.36.199). Here is a screen capture of the log source configuration.
- I installed a new WinCollect agent on hostnameX using the command-line installer, but it did not work. I tried several more times, but the WinCollect agent does not automatically create my log source. I have attached a text file with the installation command I used, see WC_install.txt.
Instructions for collecting the WinCollect /config and /logs directories:
- Log in to the Windows operating system that hosts the WinCollect agent.
- Click Start > All Programs > Administrative tools > Services.
- Select the WinCollect service.
- Click Stop.
- Click Start > All Programs > Accessories > Windows Explorer.
- Navigate to the WinCollect installation directory. The default path is C:\Program Files\IBM\WinCollect.
- To select multiple folders, press Ctrl, and select the config and logs folders.
- Right-click on one of the selected folders and select Send to > Compressed (zipped) folder.
- Log in to the IBM Security QRadar SIEM support portal to make a service request.
- Click Open a new service request > sign in.
- Attach the log file with your description of the issue to the service request ticket.
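
The collection steps above can also be scripted, which helps when several agent hosts are affected. The following PowerShell is an added example, not IBM's own tooling. It assumes the service is registered under the name WinCollect, the default installation path, PowerShell 5.0 or later, and an elevated session. The -RestartService switch and the SHA-256 output are additions that are not part of the steps on this page.

```powershell
#Requires -Version 5.0
#Requires -RunAsAdministrator
# Added example: scripted form of the manual steps (stop service, zip config and logs).
param(
    [string]$InstallDir  = 'C:\Program Files\IBM\WinCollect',  # default path from the page
    [string]$ServiceName = 'WinCollect',                        # assumed service name
    [string]$OutDir      = $env:TEMP,                           # assumed output location
    [switch]$RestartService                                     # optional; not in the page's steps
)
$ErrorActionPreference = 'Stop'

# Confirm both folders exist before touching the service.
$folders = 'config', 'logs' | ForEach-Object { Join-Path $InstallDir $_ }
$missing = $folders | Where-Object { -not (Test-Path -LiteralPath $_ -PathType Container) }
if ($missing) { throw "Missing folder(s): $($missing -join ', ')" }

# Stop the agent so that the log files are not open while they are archived.
$svc = Get-Service -Name $ServiceName
$wasRunning = $svc.Status -eq 'Running'
if ($wasRunning) {
    Stop-Service -Name $ServiceName
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
}

try {
    # One archive per host, named with hostname and timestamp for the ticket.
    $name = "WinCollect_{0}_{1:yyyyMMdd-HHmmss}.zip" -f $env:COMPUTERNAME, (Get-Date)
    $zip  = Join-Path $OutDir $name
    Compress-Archive -LiteralPath $folders -DestinationPath $zip

    # Record a hash so the uploaded file can be matched to what was collected.
    $hash = (Get-FileHash -LiteralPath $zip -Algorithm SHA256).Hash
    Write-Output "Archive: $zip"
    Write-Output "SHA256 : $hash"
}
finally {
    # Only bring the agent back if asked to and if it was running beforehand.
    if ($RestartService -and $wasRunning) { Start-Service -Name $ServiceName }
}
```

Without -RestartService the agent stays stopped after the archive is created, as in the manual steps.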
16 June 2018