IBM Support

WinCollect 10: How to modify a TLS Syslog certificate with an agent configuration update script



This article describes how to update the TLS Syslog certificate with an update script. Update scripts allow users to modify the parameters of a log source from a template file. The user modified template can be placed in the /patch directory on the WinCollect agent and the change is applied on the next configuration polling interval and the core AgentConfig.xml file is updated.


WinCollect 10

Resolving The Problem

These installation templates can be used as part of a WinCollect 10 command-line installation to configure or update log source parameters or modify the core AgentConfig.xml parameters for WinCollect.

How to update a TLS certificate in from a template file
The following parameters are required to update a TLS Syslog certificate for your WinCollect agent:

  1. Custom destination port.
  2. TLS certificate for sending events encrypted.
  3. Security, Application, System channels.
  4. XPath Query for SysMon events.
  1. You must have WinCollect 10 installed.
  2. Convert your TLS Syslog certificate to base64.
    Note: The certificate you intend to convert must include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- values. For example,
    -----END CERTIFICATE-----
    The output of the Base64 encoding converts the certificate to a string of text that can be added to the template file. For example,
  3. Download the following example template to update your certificate: wincollect_certificate_update.xml
  4. Edit the WinCollect script and add the Base64 certificate. For example,
    <Parameter name="Certificate"> LS0tLS1CRUdJTiB...
  5. Modify any other parameters from the example file.
  6. Save your changes.
  7. Copy the file to the /IBM/WinCollect/patch directory.

    The agent creates a new configuration in the patch folder and validates the changes. The agent moves the update script, the old AgentConfig.xml file, and the new AgentConfig.xml file into a backup folder (patch_xxxx) and puts the new agent configuration into operation.

Document Location


[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtwAAA","label":"WinCollect"}],"ARM Case Number":"TS008142964","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
29 February 2024