IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Windows DNS debug logs issue

    Posted Wed September 15, 2021 04:23 PM

    Hello Team,

    We are in QRadar version 7.4.2 and with managed wincollect agent version 7.3.1.16.. Managed agent successfully reporting to Console..

    We are trying to fetch DNS logs from remote locations with all necessary access permissions to the remote folder by using managed wincollect agent... but not luck, log source status is in NA... wincollect agent logs are not showing any errors...

    And we are able fetch security, application logs from the same remote server in MSRPC method...

    Can any one help me on this to resolve the issue...



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Windows DNS debug logs issue

    Posted Wed September 15, 2021 08:17 PM

    I am not a MSRPC expert but can you use an XPath query to create a custom event logger?

    https://www.ibm.com/support/pages/qradar-wincollect-how-use-microsoft-event-viewer-create-xpath-query



    #QRadar
    #Support
    #SupportMigration


  • 3.  RE: Windows DNS debug logs issue

    Posted Thu September 16, 2021 01:21 PM

    Hello Cwolfson,

    Thanks for your kind reply.... the link was very helpful for subscription method...

    I able to fetch DNS logs from remote location by using managed wincollect agent...



    #QRadar
    #Support
    #SupportMigration


  • 4.  RE: Windows DNS debug logs issue

    Posted Sun October 03, 2021 02:42 PM

    Hi,

    maybe this link as well will support you:

    https://www.ibm.com/docs/en/qradar-on-cloud?topic=SSKMKU/com.ibm.wincollect.doc/r_dns_debug_options.html

    Regards,

    Ralph



    #QRadar
    #Support
    #SupportMigration


Related Content