1. Document Library
  2. Integration Guides
  3. Microsoft Windows Security Event Log

Win Collect Agent Integration Guide

This document provides the installation steps for the deployment of the IBM QRadar Win Collect Agent on the customer servers.

1.    Standalone Installation Process

  1. Download the Win Collect agent setup file from the link shared by us.
  2. Right-click the Win Collect agent installation file and select Run as administrator.
  3. Follow the prompts in the installation wizard.

1.1 Win Collect Setup Type Installation Wizard Parameters

1.2 Accept the License Agreement

1.3 Enter Customer Information (User Name: Leave it as default & enter your          Organization name)

1.4 Do not change the Destination Folder

1.5 Select Setup Type as Stand Alone

1.6 Log Source Creation Parameters -1

Important: Make sure “Log Source Identifier” is FDQ of the Host.

Please select only Security & System in the event types.

Select the applicable log types from the remaining options. Leave them blank if not required.

 1.7 Log Source Creation Parameters -2  

 1.8 Log Source Creation Parameters -3  

For AD /DC server, keep the Machine poll interval as 750 msec, and Tunning Profile as High event rate server.

For other servers, keep the Machine poll interval as 1500 msec, and Tunning profile as Typical server.

 1.9 Heartbeat Parameters  

Select Disable from the Heartbeat interval dropdown.

1.10Installation Parameter Summary:

1.11Click on Install to begin installation

1.12 Click on Finish to Finish Wizard

 1.13 Please copy old AgentConfig.xml file from backup taken to the current config folder (C:\Program Files\IBM\Wincollect\config).

  

1.14 Please go to Windows services. Locate and restart WinCollect service.