Installing the WinCollect agent on a Windows host
Install the WinCollect agent
on each Windows host that you want to use for local or
remote collection in your network environment.
Before you begin
Ensure that the following conditions are met:
- You created an authentication token for the managed WinCollect agent.Note: An authentication token is not required for stand-alone WinCollect deployments such as those used in IBM® QRadar® on Cloud, but every managed WinCollect agent must use an authentication token.
For more information, see Creating an authentication token for WinCollect agents.
- Your system meets the hardware and software requirements.
For more information, see Hardware and software requirements for the WinCollect host.
- The required ports are available for WinCollect agents to communicate with QRadar and remotely polled Windows computers.
For more information, see Communication between WinCollect agents and QRadar.
- To automatically create a log source for a managed WinCollect agent, you must first create a
destination that your agent can use to connect to QRadar and create your log source.
For more information, see Adding a destination.
The managed WinCollect agent sends the Windows event logs to the configured destination. The destination can be the QRadar Console, an Event Processor, or an Event Collector.