IBM Security QRadar

1.) Verify that the wincollect rpm is installed on the IBM QRadar

yum list all | grep -i AGENT-WINCOLLECT

2.) Restart the wincollect service, verify the logs again
3.) Verify the version of wincollect on IBM QRadar SIEM and the version installed on the managed host, it should be compatible

------------------------------
Namit Maurya
------------------------------

Original Message:
Sent: Thu March 25, 2021 04:40 AM
From: Ajala Oyindamola
Subject: Error Code: 10057 on Wincollect Agent

Hello,

 I have installed Wincollect Agent countless times, but it is not connected to the IBM-Qradar SIEM server. I did netstat on the IBM-Qradar Server on port "8413" with no output on this port number. 

Kindly see the error message below.

Thank you.

Best regards,

Oyindamola

Original Message:
Sent: 3/25/2021 7:03:00 AM
From: Namit Maurya
Subject: RE: Error Code: 10057 on Wincollect Agent

1.) Verify that the wincollect rpm is installed on the IBM QRadar

yum list all | grep -i AGENT-WINCOLLECT

2.) Restart the wincollect service, verify the logs again
3.) Verify the version of wincollect on IBM QRadar SIEM and the version installed on the managed host, it should be compatible

------------------------------
Namit Maurya
------------------------------

Original Message:
Sent: Thu March 25, 2021 04:40 AM
From: Ajala Oyindamola
Subject: Error Code: 10057 on Wincollect Agent

Hello,

 I have installed Wincollect Agent countless times, but it is not connected to the IBM-Qradar SIEM server. I did netstat on the IBM-Qradar Server on port "8413" with no output on this port number. 

Kindly see the error message below.

Thank you.

Best regards,

Oyindamola

------------------------------
Namit Maurya
------------------------------

Original Message:
Sent: Fri March 26, 2021 10:05 AM
From: Ajala Oyindamola
Subject: Error Code: 10057 on Wincollect Agent

Hello, Maurya,

I have tried step 1. Here is the output of the command below.

I restarted the wincollect service  and the Windows client, kindly see the log file below.

Here is the version of wincollect installed on IBM QRadar SIEM and the managed host.

Kindly help with resolvable options.

Thank you.

Best regards,

Oyindamola

Original Message:
Sent: 3/25/2021 7:03:00 AM
From: Namit Maurya
Subject: RE: Error Code: 10057 on Wincollect Agent

1.) Verify that the wincollect rpm is installed on the IBM QRadar

yum list all | grep -i AGENT-WINCOLLECT

2.) Restart the wincollect service, verify the logs again
3.) Verify the version of wincollect on IBM QRadar SIEM and the version installed on the managed host, it should be compatible

------------------------------
Namit Maurya

Original Message:
Sent: Thu March 25, 2021 04:40 AM
From: Ajala Oyindamola
Subject: Error Code: 10057 on Wincollect Agent

Hello,

 I have installed Wincollect Agent countless times, but it is not connected to the IBM-Qradar SIEM server. I did netstat on the IBM-Qradar Server on port "8413" with no output on this port number. 

Kindly see the error message below.

Thank you.

Best regards,

Oyindamola

Original Message:
Sent: 3/26/2021 12:14:00 PM
From: Namit Maurya
Subject: RE: Error Code: 10057 on Wincollect Agent

1.)Try to telnet QRadar On port 8413 from windows host. It should be able to reach QRadar on port 8413

2.) Deploy full configuration and choose to restart event collection services
 Most probably the issue is with the 8413 connectivity from host to QRadar

Try and see if you are able to find the root cause.

------------------------------
Namit Maurya
------------------------------

Original Message:
Sent: Fri March 26, 2021 10:05 AM
From: Ajala Oyindamola
Subject: Error Code: 10057 on Wincollect Agent

Hello, Maurya,

I have tried step 1. Here is the output of the command below.

I restarted the wincollect service  and the Windows client, kindly see the log file below.

Here is the version of wincollect installed on IBM QRadar SIEM and the managed host.

Kindly help with resolvable options.

Thank you.

Best regards,

Oyindamola

Original Message:
Sent: 3/25/2021 7:03:00 AM
From: Namit Maurya
Subject: RE: Error Code: 10057 on Wincollect Agent

1.) Verify that the wincollect rpm is installed on the IBM QRadar

yum list all | grep -i AGENT-WINCOLLECT

2.) Restart the wincollect service, verify the logs again
3.) Verify the version of wincollect on IBM QRadar SIEM and the version installed on the managed host, it should be compatible

------------------------------
Namit Maurya

Original Message:
Sent: Thu March 25, 2021 04:40 AM
From: Ajala Oyindamola
Subject: Error Code: 10057 on Wincollect Agent

Hello,

 I have installed Wincollect Agent countless times, but it is not connected to the IBM-Qradar SIEM server. I did netstat on the IBM-Qradar Server on port "8413" with no output on this port number. 

Kindly see the error message below.

Thank you.

Best regards,

Oyindamola