Osama, glad to hear! :) Good luck!
BR,
-C-
------------------------------
Carl Mohn
IBM
Dublin
------------------------------
Original Message:
Sent: Mon March 04, 2024 04:12 AM
From: osama ahmed
Subject: wincollect 10 and forwarded events
Dear Carl Mohn,
Thanks for your reply, I tested it and it works.
------------------------------
osama ahmed
Original Message:
Sent: Wed February 28, 2024 08:58 AM
From: Carl Mohn
Subject: wincollect 10 and forwarded events
Hi Osama,
In WinCollect 10 you can set an Identifier Override:
- Open the WinCollect 10 console in Windows.
- From the cogwheel icon in the top right corner, enable Advanced UI.
- From the ☰ menu, go to Local Sources.
- Open the local collection group where you can see the Channels.
- Open the Sources > XPath config.
- Now you can see the Identifier Override field. Enter a value to be used as a Log Source Identifier, which you will use in a log source config on the QRadar side.
- Save and Apply the changes.
If there are enough events from this Source, the log source should now get auto-detected (auto-created).
Hope this is helpful!
-C-
------------------------------
Carl Mohn
IBM
Dublin
Original Message:
Sent: Sun February 04, 2024 10:23 AM
From: osama ahmed
Subject: wincollect 10 and forwarded events
I have a case: I have a server that has WinCollect 10, and there are some logs forwarded to it, so I created a new source on WinCollect for the new channel with XPath, and it is coming in, but under the same log source. So how can I make it come in under a new log source?
------------------------------
osama ahmed
------------------------------