IBM QRadar


Getting Started with WinCollect 10

By Joshua Ryan posted Wed February 09, 2022 05:13 PM

Hi everyone! I hope everyone is having a great start to 2022. My name is Joshua Ryan and I am the Product Owner of WinCollect. I’ve been with the development team for just over 6 years now in various roles. Though the latest major release has been available for a little while, I’m happy to share with you all my first post on WinCollect 10. If you missed the release announcement, check out this post by Wendy: WinCollect 10 Standalone Release

When we were developing WinCollect 10 we had two major goals: ease of use, and auto-tuning. The new console included with WinCollect 10 is built on React and can be opened using Firefox, Chrome, Edge and IE. The agent and console are in one bundled package now, making installation and configuration easier. I’m also happy to announce…no more tuning profiles! Out of the box, the agent is set to Auto Tuning. The agent automatically checks all sources and determines the correct polling interval based on the number of events being generated, making the agent more efficient than WinCollect 7. You can download WinCollect 10 now at Fix Central. However, at the time of this writing WinCollect 10 is only available for standalone deployments.

Below I’m going to share 6 videos where I go through some of the features and use cases with WinCollect 10. Documentation on installation and the features I cover below can be found in our user guide: https://www.ibm.com/docs/en/qsip/7.3.2?topic=10-wincollect-overview All right, let's get to the videos!

The first video goes over the new WinCollect 10 console, stepping through the Dashboard options and the navigation menu.

The next video walks through a use case: configuring the agent to collect Windows events from 100 endpoints.

In the third video I give a brief overview of how auto tuning works with the agent, and show how you can use the built-in log viewer to check on the agent’s status.

In the fourth video I give a quick overview of the new “agentconfig.xml” file used with WinCollect 10. As ease of use was one of the goals I mentioned above, we’ve made significant changes that make it easier for you to edit your “agent config” files in this new version.

Let’s look at another use case. I have a new QRadar appliance that I want to send my Windows events to. I also know that I have a new workstation that I want to start collecting events from. In this video I explain how you can manually edit the “AgentConfig.xml” to carry out this task. I also briefly explain how making changes in the console creates pending changes, how to apply those changes, and how the “patch” file works.

The final video I’m sharing today shows how you can install and configure WinCollect 10 on remote endpoints using just PowerShell. The PowerShell scripts I’m using can be downloaded from our GitHub page. They are very basic, but they show that you can store the WinCollect 10 MSI file on a remote share in your network, call the script to install the agent, and include an “update” script that instructs the agent on what to collect. We include some examples in the /samples directory as well to help you craft your own “update” scripts for your own deployment.
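
The remote-install pattern just described, written out as an added example. This is not IBM's sample script and not code from this post: it pushes an MSI from a share to a list of endpoints over PowerShell remoting, verifying the package hash first. The host names, share path, hash and the `$InstallArgs` placeholder are assumptions; WinCollect-specific msiexec properties and the format of the “update” script are not shown on this page and are not guessed here.

```powershell
# Added example: push an MSI from a network share to remote endpoints with PowerShell remoting.
# This is not IBM's sample script. Assumptions (placeholders): WinRM is enabled on the targets,
# the caller is a local administrator on each target, and $MsiPath is readable from the machine
# running this script. Any product-specific msiexec properties would go in $InstallArgs.
param(
    [string[]]$ComputerName = @('WS01.example.local', 'WS02.example.local'),
    [string]$MsiPath        = '\\fileserver.example.local\software\WinCollect10.msi',
    [string]$ExpectedSha256 = '',   # placeholder: hash recorded when the MSI was downloaded
    [string]$InstallArgs    = ''    # placeholder for product-specific MSI properties, if any
)

# Integrity check: a share that every endpoint installs from is an attractive place for an
# attacker to swap a binary, so verify the package before pushing it anywhere.
# Skipped only if no expected hash has been configured.
if ($ExpectedSha256) {
    $actual = (Get-FileHash -Path $MsiPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Installer hash mismatch for ${MsiPath}: got $actual"
    }
}

$remoteMsi = 'C:\Windows\Temp\WinCollect10.msi'
$remoteLog = 'C:\Windows\Temp\wincollect-install.log'

foreach ($computer in $ComputerName) {
    $session = $null
    try {
        $session = New-PSSession -ComputerName $computer -ErrorAction Stop

        # Copy the MSI into the session rather than having the endpoint read the share itself:
        # a remote session cannot forward the caller's Kerberos credentials to a third host
        # (the "double hop" problem), so a UNC path opened inside Invoke-Command would fail.
        Copy-Item -Path $MsiPath -Destination $remoteMsi -ToSession $session -Force

        $exitCode = Invoke-Command -Session $session -ScriptBlock {
            param($Msi, $Log, $ExtraArgs)
            # Silent install with a verbose log; msiexec returns 0 on success,
            # 3010 when a reboot is still pending.
            $argList = "/i `"$Msi`" /qn /norestart /l*v `"$Log`" $ExtraArgs"
            $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $argList -Wait -PassThru
            $proc.ExitCode
        } -ArgumentList $remoteMsi, $remoteLog, $InstallArgs

        [pscustomobject]@{ Computer = $computer; ExitCode = $exitCode; Error = $null }
    }
    catch {
        [pscustomobject]@{ Computer = $computer; ExitCode = $null; Error = $_.Exception.Message }
    }
    finally {
        if ($session) { Remove-PSSession -Session $session }
    }
}
```

Run it from an administrative workstation with a list of target names; the per-host objects it emits (exit code or error message) are what you would feed into a deployment report. Keep the verbose msiexec log on the endpoint: it is the first thing to check when an agent installs but never reports in.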


I hope that gives everyone who is new to WinCollect 10 something to start off with. As this is my first post I didn't want to go too deep into any of the new features. However, I’d appreciate any feedback and/or ideas for what I should go into next.

'til next time!

Comments

Tue February 21, 2023 09:17 AM

Hi Joshua,

Thank you for your article!

What is the best practice regarding WinCollect 10 configuration for laptops and notebooks used at the office and at home (WFH)?

Can WinCollect 10 be configured to point to two QRadar Event Collectors:

  1. Event Collector on-premise (primary)
  2. Event Collector in-the-cloud (secondary)

The WinCollect agent sends events automatically to the secondary Event Collector if the primary is unavailable.

I hope the above makes sense.

Kind regards,