Troubleshooting
Problem
This article describes how to update the TLS Syslog certificate with an update script. Update scripts allow users to modify the parameters of a log source from a template file. The user modified template can be placed in the /patch directory on the WinCollect agent and the change is applied on the next configuration polling interval and the core AgentConfig.xml file is updated.
Environment
WinCollect 10
Resolving The Problem
These installation templates can be used as part of a WinCollect 10 command-line installation to configure or update log source parameters or modify the core AgentConfig.xml parameters for WinCollect.
How to update a TLS certificate in from a template file
The following parameters are required to update a TLS Syslog certificate for your WinCollect agent:
- Custom destination port.
- TLS certificate for sending events encrypted.
- Security, Application, System channels.
- XPath Query for SysMon events.
Procedure
- You must have WinCollect 10 installed.
- Convert your TLS Syslog certificate to base64.
Note: The certificate you intend to convert must include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- values. For example,-----BEGIN CERTIFICATE----- MIIDITCCAgmgAwIBAgIJAKEosbtcvLy+MA0GCSqGSIb3DQEBDQUAMCcxCjAIBgNV . . . qBmjy4Rl/NYw9fQEaz98dr1nZ7z3B+TUdhH1PjbyVqXx3c6ObA== -----END CERTIFICATE-----
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t...
- Download the following example template to update your certificate: wincollect_certificate_update.xml
- Edit the WinCollect script and add the Base64 certificate. For example,
<Parameter name="Certificate"> LS0tLS1CRUdJTiB... </Parameter>
- Modify any other parameters from the example file.
- Save your changes.
- Copy the file to the /IBM/WinCollect/patch directory.
Results
The agent creates a new configuration in the patch folder and validates the changes. The agent moves the update script, the old AgentConfig.xml file, and the new AgentConfig.xml file into a backup folder (patch_xxxx) and puts the new agent configuration into operation.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtwAAA","label":"WinCollect"}],"ARM Case Number":"TS008142964","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
29 February 2024
UID
ibm16614177