Global Security Forum

Security Global Forum

Our mission is to provide clients with an online user community of industry peers and IBM experts, to exchange tips and tricks, best practices, and product knowledge. We hope the information you find here helps you maximize the value of your IBM Security solutions.

View Only

Back to discussions

Expand all | Collapse all

Wincollect agent: Remove Host

1. Wincollect agent: Remove Host

Like
Michail Christof
Posted Tue April 26, 2022 04:35 AM

Reply
Dear Community,

I want to stop collecting remote windows logs from a log source.

How can I remove a log source which is under a wincollect agent?

Thank you in advance.

Best Regards,

Michail Christof

------------------------------
Michail Christof
------------------------------
2. RE: Wincollect agent: Remove Host

Like
Dusan VIDOVIC
Posted Thu April 28, 2022 01:29 PM

Reply
Michail, not sure if this is is how-to question or you ran into some trouble(?)
Is this a standalone or managed install? In case of a managed instance, you would do it - as for any other log source - using Log Source Management. In case of a standalone instance, you need to access the server where WinCollect is installed and use the console there (also, depending on the version - if it is v7 you would use a "traditional" app and if v10 there's a web app on localhost:3000 (example here)

------------------------------
Dusan VIDOVIC
------------------------------

Original Message
3. RE: Wincollect agent: Remove Host

Like
Michail Christof
Posted Fri April 29, 2022 03:20 AM

Reply
Thnaks Dusan.

I am using managed installation and v7.
From Log source management, if I disable a log source that using wincollect, it still continues sending logs to Qradar at SIM Generic.

Kind Regards,

Michail Christof

------------------------------
Michail Christof
------------------------------

Original Message
4. RE: Wincollect agent: Remove Host

Like
Brian Kwak
Posted Fri April 29, 2022 05:38 AM

Reply
Hi Michail

You can disable the Wincollect agent in Qradar console UI
Admin > Data Sources > Wincollect > Agents
Please disable the agent that you are not collecting event from any more.

------------------------------
Brian Kwak
------------------------------

Original Message

Global Security Forum

Security Global Forum

Wincollect agent: Remove Host

Michail ChristofTue April 26, 2022 04:35 AM

Dusan VIDOVICThu April 28, 2022 01:29 PM

Michail ChristofFri April 29, 2022 03:20 AM

Brian KwakFri April 29, 2022 05:38 AM

1. Wincollect agent: Remove Host

2. RE: Wincollect agent: Remove Host

3. RE: Wincollect agent: Remove Host

4. RE: Wincollect agent: Remove Host

Additional
Resources

Office

Quick Links

Global Security Forum

Security Global Forum

Wincollect agent: Remove Host

Michail ChristofTue April 26, 2022 04:35 AM

Dusan VIDOVICThu April 28, 2022 01:29 PM

Michail ChristofFri April 29, 2022 03:20 AM

Brian KwakFri April 29, 2022 05:38 AM

1. Wincollect agent: Remove Host

2. RE: Wincollect agent: Remove Host

3. RE: Wincollect agent: Remove Host

4. RE: Wincollect agent: Remove Host

Related Content

Remove Host from a Wincollect agent

Monitoring WinCollect Agents: Managed AND Stand Alone

QRadar in Azure- managed WinCollect or standalone

Cannot start collect logs because there is already a collect logs task running

Convert Managed Wincollects to Standalone

Additional Resources

Office

Quick Links

Additional
Resources