Installation prerequisites for WinCollect
Before you can install WinCollect agents, you must verify that your deployment meets the installation requirements.
Supported versions
Administrators should be aware that supported software versions for IBM WinCollect is the Latest version (n) and latest minus one (n-1). This means that the two latest released major versions of WinCollect (10.x.xx and 7.x.xx) are the versions for which QRadar® Support will provide full support with any support tickets (cases) that are opened. Customers using older versions of WinCollect will receive minimal, best effort, support. To prevent issues, it is important that administrators keep WinCollect deployments updated when new versions are posted to IBM Fix Central.
Distribution options for WinCollect agents
WinCollect agents can be distributed in a remote collection configuration or installed on the local host.
- Local collection
- The WinCollect agent collects events only
for the host on which it is installed. You can use this collection method on a Windows host that is busy or has limited resources, for example, domain
controllers.Important: QRadar Support recommends local collection on Domain Controllers and other high EPS servers, as it is more stable than remote collection. If you are remote polling logs on potentially high EPS servers, QRadar Support might require you to install an agent locally on the server.
- Remote Collection
- The WinCollect agent is installed on a single host and collects events from multiple Windows systems. Use remote collection to easily scale the number of Windows log sources that you can monitor.
