IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Wincollect 10.1.6.3 with WEF enable

1. Wincollect 10.1.6.3 with WEF enable

Like
tysa
Posted Sun November 05, 2023 06:03 AM

Reply
Hi, I have multiple wincollect servers with Wincollect 10 installed and WEF enabled. The WEF is forwarding logs from 100s of windows servers to Qradar. Because there is such high number of windows servers and multiple wincollect serves doing the WEF, I need to know which wincollect server is forwarding which windows server logs. Is there an identifier I can enable on the wincollect agent which will then be added into to the log payload so I can identify by which wincollect server the logs were forwarded? Thank you.

------------------------------
tysa
------------------------------

IBM QRadar

IBM QRadar

Wincollect 10.1.6.3 with WEF enable

1. Wincollect 10.1.6.3 with WEF enable

Additional
Resources

Office

Quick Links

IBM QRadar

IBM QRadar

Wincollect 10.1.6.3 with WEF enable

1. Wincollect 10.1.6.3 with WEF enable

Related Content

What’s new in Splunk Data Forwarding App for QRadar version 3.0.0

How to fix wrong source IPs displayed by wincollect

Windows log forward to IBM Qradar using Wincollect

Wincollect forwarded logs for one server/IP has two different hostnames

WinCollect: Windows Forwarded events missing Information in QRadar

Additional Resources

Office

Quick Links

Additional
Resources