IBM QRadar


WinCollect agent is unable to send windows logs instead of agent's heartbeats and error

  • 1.  WinCollect agent is unable to send windows logs instead of agent's heartbeats and error

    Posted Thu December 19, 2024 08:57 AM

    Dear Team

    We have installed standalone WinCollect on the machine and configured the SIEM IP.

    We have ensured the configurations and network reachability in between them.

    The SIEM is not receiving the Windows events but is receiving the heartbeats and error events from the WinCollect agent. Check the snap below.

    Error event msg in the payload is:

    msg=Unable to send EvtsOnDisk file 20241116_03\3356_2041810_WIN-KG2UQQ4JAJQ_44.evtb  => 44 evts size: 69268 - will not try again for 300.0s

    Kindly assist in overcoming the issue.

    Thanks in advance



    ------------------------------
    Hafiz Muhammad Waqas
    ------------------------------


  • 2.  RE: WinCollect agent is unable to send windows logs instead of agent's heartbeats and error

    Posted Wed January 22, 2025 07:39 AM

    Hi Hafiz,

    Is this still an issue?  I would suggest that you open a support case for this.

    Thanks



    ------------------------------
    John Dawson
    QRadar Support Architect
    IBM
    ------------------------------



  • 3.  RE: WinCollect agent is unable to send windows logs instead of agent's heartbeats and error

    Posted Sat March 08, 2025 02:40 PM

    Hi,

    From the snap it seems to be a storage issue. Try to restart the wc service. The wc storage might have got full.



    ------------------------------
    Abdul Quadeer
    ------------------------------