Hi Karl,
Thank you for your prompt resposne.
I didnt create any log source manually. I have one log source(attached earlier) which auto discovered with target event collector.
I am also attaching the disconnected log source configuration.
My concern here is i pointed my wincollect configuration to the DLC but when its discovered its under the event collctor. Is this the way DLC work ? Please advice since i m new to the DLC concept.
Thanks
Joe
------------------------------
jo De
------------------------------
Original Message:
Sent: Fri July 26, 2024 09:30 AM
From: Karl Jaeger
Subject: Disconnected log collector log source discovered under the event collector
Joe, from what you explain there are two logsources existing for your windows system. The manually configured windows server plus the same server automaticalyy detected. Please check ogsource identifier first (should be the same) and eventually use logsource parse ordering for changing priority between those two.
------------------------------
[Karl] [Jaeger] [#ibmchampion]
[QRadar Specialist]
[cnag]
[Siegen] [Germany]
Original Message:
Sent: Fri July 26, 2024 08:03 AM
From: jo De
Subject: Disconnected log collector log source discovered under the event collector
Hi Team.
I have installed and configured DLC .
After that i had installed wincollect agnets and pointed to the DLC IP . The log source auto discovered with forwarded protocol. But i can see target event collector is Not DLC.
attached the log source screenshot for your reference. Please check and advice here,
Regards
Joe
------------------------------
jo De
------------------------------