


SIEM: Installing and Configuring WinCollect

How to install and configure WinCollect on a Windows machine
SIEM v7.2.7
1.  Uninstall WinCollect on the remote Windows machine (through the Windows Programs control panel).

2.  Download and install (or higher patch) on the SIEM console
This patch will install all the WinCollect patches/RPMs. After the installation, the following command can be run to verify the RPMs:

rpm -qa |grep -i wincollect

3. Once the patch has been installed on the console, launch the web Dashboard and navigate to Admin --> Authorized Services.

4.  Add an entry for WinCollect and then note the 'Selected Token' field.

5. Download and install for a 32-bit system or Wincollect Agent EXE [x64] for a 64-bit system.

6.  Unzip the installation bundle and run the setup.exe file within.
7.   Fill in the Host Identifier field (hostname of the remote WinCollect machine), the Authentication Token (from step #4 above) and the Configuration Console (IP of the SIEM console).

        Click Next.

8.   In the next window, check the 'Enable Automatic Log Source Creation' option, and fill in the Log Source Name and Log Source Identifier variables.
This will determine the Log Source name created on the SIEM.  The most common values are the hostname of the Windows machine.

        Click Next and complete the installation.

9.  Start the WinCollect service on the Windows machine.   It should now create a Log Source on the SIEM (you can verify this in the Log Sources window in the Admin tab).

10.  If the Log Source is not created and WinCollect does not connect to the server, continue with the following steps.

11.  Log in to the Dashboard
12.  Click the Admin tab.
13. Click the Authorized Services icon.
14.  Note the token for WinCollect (and ensure none of the tokens have expired).

15. Log in to the Windows host that has the bad token.
16. Navigate to the WinCollect installation directory (C:\Program Files\IBM\WinCollect\config\).
17. Open the file install_config.txt.
18. Re-add the token from the console (noted in step #14 above) in the 'ApplicationToken=' field.

19. Save the file.

20.  Click Start > Run, type services.msc and click OK.
21.  Locate the WinCollect service and restart it.
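
Steps 15-21 can also be scripted. The PowerShell below is an added example, not part of the original article or a vendor-supplied tool. It assumes install_config.txt holds exactly one ApplicationToken= line, that the service's display name starts with "WinCollect", and that it is run from an elevated prompt.

```powershell
# Added example: sync the agent's ApplicationToken with the token shown on the console.
# Assumptions: one "ApplicationToken=<value>" line in install_config.txt; the service
# is found by display name "WinCollect*"; default Set-Content encoding suits the file.
param(
    [string]$ConfigPath = 'C:\Program Files\IBM\WinCollect\config\install_config.txt'
)

$ErrorActionPreference = 'Stop'

# Prompt for the token instead of passing it as an argument, so it does not end up
# in shell history or process-creation logs.
$secure = Read-Host -Prompt 'Token from Admin > Authorized Services' -AsSecureString
$token  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrWhiteSpace($token)) { throw 'No token entered.' }

$lines   = @(Get-Content -LiteralPath $ConfigPath)
$pattern = '^\s*ApplicationToken\s*=\s*(.*)$'
$hits    = @($lines | Select-String -Pattern $pattern)
if ($hits.Count -ne 1) {
    throw "Expected exactly one ApplicationToken= line, found $($hits.Count)."
}

# Compare without echoing either value to the screen.
$current = $hits[0].Matches[0].Groups[1].Value.Trim()
if ($current -ceq $token) {
    Write-Host 'Token already matches the console; file left unchanged.'
} else {
    # Keep a copy of the old file, then rewrite only the token line.
    Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force
    $lines | ForEach-Object {
        if ($_ -match $pattern) { "ApplicationToken=$token" } else { $_ }
    } | Set-Content -LiteralPath $ConfigPath
    Write-Host 'ApplicationToken updated (previous file saved as .bak).'
}

# Restart the agent so it reads the token, then report the service state.
$svc = Get-Service -DisplayName 'WinCollect*'
if (-not $svc) { throw 'No service with a display name starting "WinCollect" found.' }
$svc | Restart-Service
$svc | Get-Service | Select-Object Name, Status
```

The .bak copy still contains the previous token, so delete it once the Log Source appears on the SIEM. The token is a credential for the console, so keep the config directory readable only by administrators and the service account.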
