IBM Security QRadar

 View Only
Expand all | Collapse all

wincollect

  • 1.  wincollect

    Posted Fri February 05, 2021 06:25 PM
    Hi All

    We installed QRADAR Siem. Wincollect was not present.
    We installed wincollect after downloading from IBM and it appeared in Admin Panel and everything looks fine.

    But there is ONE problem. The port 8413 IS NOT running. There is nothing listening on this port.

    What is the solution ? Do we need to pay for WinCollect or is there a setting involved ?

    Please help as we wasted a lot of time and effort.

    We are running 7.3 which was installed from the OVA.


    ------------------------------
    Vincent Vincebezzina@cardpaydirect.com
    ------------------------------


  • 2.  RE: wincollect

    IBM Champion
    Posted Mon February 08, 2021 01:03 PM
    Hi Vincent,

    QRadar comes with realtively small footprint. Many things have to be installed afterwards. Wincollect very much depends on the options you want to use. Pull or push technique? central agent or distirbuted? multi domain environment? Hybrid Cloud options? Management console in QRadar or standalone?

    Pls make sure you got:
    • wincollect DSM
    • wincollect Protocol
    • wincollect Agent
    • windows content package
    all software versions depend on each other and are related but not identical with your base QRadar release plus fixpack. Pls read the release notes correlated.
    port 8413 listen should exist when you issue netstat -an.
    you dont need an extra license . wincollect is free. If you are running VM based on CE OVA there are special considerations to take. Pls use standard ISO image for install.
    Pls check health messages. check for all log updates in /var/log. enable debug log in your agent conf. contact IBM support if you cant make progress.

    BR
    Karl

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------