Adding a destination

To specify where the WinCollect agents in your deployment forward their events, create destinations for your WinCollect deployment.

Procedure

  1. Click the Admin tab.
  2. On the navigation menu, click Data Sources.
  3. Click the WinCollect icon.
  4. Click Destinations and then click Add.
  5. Configure the parameters.

    The following table describes some of the parameters.

    Table 1. Destination parameters
    Parameter Description
    Name

    Used on the agent side for log source creation.

    Important: The destination name is used during automatic log source creation and must exist before the installation runs. Verify the destination name in QRadar® before starting the installation.

    Hostname

    The host name or IP address of the destination IBM® QRadar appliance.

    Port

    IBM Security QRadar receives events from WinCollect agents over UDP or TCP on port 514.

    For TLS protocol, the default port is 6514.

    Protocol

    The communication channel between IBM Security QRadar and WinCollect agents. Select UDP, TCP, or TCP/TLS (Encrypted).

    Certificate

    The TLS certificate of the destination device.

    Copy the certificate from /opt/qradar/conf/trusted_certificates/syslog-tls.cert on the destination device and paste it into the Certificate field.

    Note: The Certificate field displays when TCP/TLS (Encrypted) is selected from the Protocol list.

    Throttle (events per second)

    Defines a limit to the number of events that the WinCollect agent can send each second.

    Schedule Mode

    If you select the Forward Events option, the WinCollect agent forwards events within a user-defined schedule. When the events are not being forwarded, they are stored until the schedule runs again.

    If you select the Store Events option, the WinCollect agent stores events to disk only within a user-defined schedule and then forwards events to the destination as specified.

  6. Click Save.
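
One way to confirm that the text pasted into the Certificate field is still the certificate in /opt/qradar/conf/trusted_certificates/syslog-tls.cert, and that the TLS listener on port 6514 presents it, is to compare SHA-256 fingerprints of the DER bytes. This is an added example, not part of the IBM documentation or of WinCollect; the function names are hypothetical and the sample data is constructed placeholder bytes, not a real certificate.

```python
import base64
import hashlib
import re
import socket
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in pem_text.

    Tolerates paste damage (CRLF, indentation, re-wrapped lines); rejects
    missing markers, more than one certificate, and invalid base64."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected 1 certificate, found {len(blocks)}")
    try:
        return base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc

def fingerprint(pem_text):
    """SHA-256 over the DER encoding, independent of PEM formatting."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()

def same_certificate(pem_a, pem_b):
    return fingerprint(pem_a) == fingerprint(pem_b)

def served_matches(host, pem_text, port=6514, timeout=5.0):
    """True if the listener at host:port presents exactly this certificate.

    Chain validation is off because the comparison itself is the check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            served = tls.getpeercert(binary_form=True)
    return served == pem_to_der(pem_text)

# Constructed sample: 96 placeholder bytes in PEM armor, not a real certificate.
SAMPLE_DER = bytes(range(96))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# The same text as it might arrive after a paste: CRLF endings and indentation.
PASTED_PEM = "\r\n".join("    " + ln for ln in SAMPLE_PEM.splitlines())

if __name__ == "__main__":
    print(fingerprint(SAMPLE_PEM), same_certificate(SAMPLE_PEM, PASTED_PEM))
```

Run served_matches() from a host that can reach the destination on the TLS port, passing the text copied from the appliance.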