IBM Support

WinCollect 10: How to collect log files before you open a support case

Question & Answer


Question

How can I collect required information and logs for WinCollect 10 agent issues?

Answer

Administrators who experience issues with WinCollect agents can submit logs and a description of the issue in a support case. For more information about the WinCollect issues that QRadar Support can assist with, see WinCollect and support policies.

Providing a problem description
Provide a description of the problem, error messages, Windows operating system version, and hostnames or IP addresses of the affected WinCollect 10 agents.

For example:
  • I added 250 log sources by using the bulk add feature with WinCollect 10.0.1, and they recently stopped sending events. The WinCollect agent name is ____ and the log sources that I want investigated are hostA (1.1.1.1), hostB (1.1.1.2), hostC (1.1.1.3), and hostD (1.1.1.4). Here is a screen capture of the log source configuration. See attached logs {agentname.tgz} from the WinCollect agent.
  • I installed a new WinCollect agent and I'm unable to remotely poll for events on Windows Server 2019 due to 1722 RPC errors.
Collecting support files from a WinCollect 10 agent
  1. Log in to the Windows operating system that hosts the WinCollect agent.
  2. Launch the WinCollect 10 agent.
  3. Click the Settings icon.
  4. Click Collect Support Files.
  5. Click Collect and compress files.
  6. Navigate to the path that includes the compressed file.
  7. Open a case with QRadar Support.
  8. Attach the logs from your WinCollect 10 agent.

    Results
    Cases for WinCollect are logged against the QRadar SIEM or QRadar on Cloud product. If the case title or description of your issue includes the term WinCollect, the case is assigned to a support representative who specializes in WinCollect issues.


Document Information

Modified date:
30 June 2022

UID

ibm16599923