IBM Security QRadar

 View Only

  • 1.  install WinCollect on windows server old

    Posted Wed February 21, 2024 05:34 AM
    Edited by System Test Thu March 07, 2024 12:24 AM

    Hi everyone,

    I deploy Agent WinCollect on windows server 2008 and windows server 2003. Now, System requiment supported windows server 2012 or last. So EveryOne let me ask if deployed on the other two unsupported versions, how to do it


    ------------------------------
    duc tung
    ------------------------------



  • 2.  RE: install WinCollect on windows server old
    Best Answer

    Posted Wed February 21, 2024 09:59 AM
    Edited by System Test Thu March 07, 2024 12:23 AM

    i'm going to take a guess at this question and ask if WinCollect can be installed on older Windows versions. What we define as supported versions can be found here: https://www.ibm.com/docs/en/qradar-common?topic=10-hardware-software-requirements-wincollect-host

    This page is important as it lists both required RAM/CPU, but also supported OSs that we validate and can take cases against. If you are not on a supported Windows version listed in this article, there is likely little we can do to help if an issue occurs. It might work just fine, but some of the newer features in Windows 10, such as virtual accounts might not work and you might experience issues. 

    There are also potential issues depending on your Windows version with remote polling. Not all Windows versions support MSEVEN6 protocol, so you might need to set automatic or manually set the connection type to use MSEVEN, depending on your OS in the log source configuration. 

    Top suggestions:

    • It might be worth while if you have more than one old OS or several hosts, to setup a Windows Event Forwarding subscription (WEF/WEC). This feature was available on a lot of older OS versions and might be easier to setup if you have a mix of hosts. This also allows you to manage from the subscription and use WinCollect 10 as WinCollect 10 does not have management option from the Console, like WinCollect 7. 
    • Use WinCollect 10, if possible. 
    • Be aware, you might not get support on older Windows versions. We typically will not turn away a case, but we might be limited as to how we can help on OS versions that Windows considers end of service. 
    • Any issue you do hit, the default response from support is going to point to your OS as the root cause. 
    • You need to ensure that the performance of the older hosts meets the specifications documented in the guide that I linked. 



    ------------------------------
    Jonathan Pechta
    IBM Security - Community of Practice Lead
    jonathan.pechta1@ibm.com
    ------------------------------

    Original Message


  • 3.  RE: install WinCollect on windows server old

    Posted Wed February 21, 2024 09:18 PM
    Edited by System Test Thu March 07, 2024 12:23 AM

    Thanks, I will try on lab environment



    ------------------------------
    duc tung
    ------------------------------

    Original Message