IBM Security QRadar

  • 1.  WinCollect Troubleshooting

    Posted Fri April 09, 2021 02:06 PM

    Dears

    I installed WinCollect on Windows 2012 (domain controller machine), and the WinCollect service under Services is stopped.
    When I try to start it, it goes back to stopped status after 5 sec.

    The client is 7.3.

    Thanks





    ------------------------------
    Mohamed Ramadan
    ------------------------------


  • 2.  RE: WinCollect Troubleshooting
    Best Answer

    IBM Champion
    Posted Mon April 12, 2021 02:43 AM
    Hello Mohamed,

    There are a lot of dependencies to check regarding WinCollect. Without knowing more details about your deployment scenario and WinCollect setup, maybe this starting point, the WinCollect 101 pages, will support your troubleshooting: https://www.ibm.com/community/qradar/home/wincollect/

    Regards,
    Ralph

    ------------------------------
    Ralph Belfiore
    SIEM Expert
    pro4bizz GmbH
    Karlsruhe
    +49 721 90981727
    ------------------------------



  • 3.  RE: WinCollect Troubleshooting

    Posted Tue April 13, 2021 09:53 AM
    Hi Mohamed,

    The error message indicates that no destinations are specified; this means the agent doesn't know where to send its events and thus shuts itself off (otherwise it would just buffer event data locally until it runs out of disk space). Depending on whether this is a standalone agent (in which case you'll need to add something to the AgentConfig.xml file, either directly or via the standalone configuration console) or a managed agent (in which case you'll need to add a log source on the QRadar side with a WinCollect protocol to your agent), the process for supplying the missing config is different, so starting with the WinCollect 101 page Ralph mentioned is a good first step.

    Cheers
    Colin

    ------------------------------
    COLIN HAY
    IBM Security
    ------------------------------