SIEM: Installing and Configuring WinCollect

Objective
How to install and configure WinCollect on a Windows machine
Environment
SIEM v7.2.7
Procedure
1.  Uninstall WinCollect on the remote Windows machine (through the Windows Programs control panel).

2.  Download and install 7.7.2.7.20160519230548.sfs (or higher patch) on the SIEM console

This patch will install all the WinCollect patches/RPMs. After the installation, the following command can be run to verify the RPMs:

rpm -qa |grep -i wincollect
 
PROTOCOL-WinCollectMicrosoftISA-7.2-1003958.noarch
PROTOCOL-WinCollectMicrosoftSQL-7.2-1003958.noarch
AGENT-WINCOLLECT-7.2-1018607.noarch
PROTOCOL-WinCollectMicrosoftDHCP-7.2-1003958.noarch
DSM-WinCollect-7.2-922053.noarch
PROTOCOL-WinCollectWindowsEventLog-7.2-1007919.noarch
PROTOCOL-WinCollectConfigServer-7.2-1096879.noarch
PROTOCOL-WinCollectMicrosoftIAS-7.2-1003958.noarch
PROTOCOL-WinCollectNetAppDataONTAP-7.2-1003958.noarch
PROTOCOL-WinCollectMicrosoftIIS-7.2-1005042.noarch
PROTOCOL-WinCollectFileForwarder-7.2-20150930100700.noarch
PROTOCOL-WinCollectJuniperSBR-7.2-1003958.noarch


3. Once the patch installation has completed on the console, launch the web Dashboard and navigate to Admin --> Authorized Services.


4.  Add an entry for WinCollect and then note the 'Selected Token' field.

5. Download and install AGENT_i386_WinCollect-7.2.2.1018508-setup.zip for a 32-bit system or Wincollect Agent EXE [x64] 7.2.2.1018564 for a 64-bit system.

6.  Unzip the installation bundle and run the setup.exe file within.
7.   Fill in the Host Identifier field (hostname of the remote WinCollect machine), the Authentication Token (from step #4 above) and the Configuration Console (IP of the SIEM console).

        Click Next.

8.   In the next window, check the 'Enable Automatic Log Source Creation' option, and fill in the Log Source Name and Log Source Identifier variables.
This will determine the Log Source name created on the SIEM.  The most common values are the hostname of the Windows machine.

        Click Next and complete the installation.

9.  Start the WinCollect service on the Windows machine.   It should now create a Log Source on the SIEM (you can verify in the Log Sources window in the Admin tab).

10.  If the Log Source is not created and WinCollect does not connect to the server, continue with the following steps.

11.  Log in to the Dashboard
12.  Click the Admin tab.
13. Click the Authorized Services icon.
14.  Note the token for WinCollect (and ensure none of the tokens have expired).

15. Log in to the Windows host that has the bad token.
16. Navigate to the WinCollect installation directory (C:\Program Files\IBM\WinCollect\config\).
17. Open the file install_config.txt.
18. Re-add the token from the console (noted in step #14 above) in the 'ApplicationToken=' field.

19. Save the file.

20.  Click Start > Run, type services.msc and click OK.
21.  Locate the WinCollect service and restart it.
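
Steps 15 to 21 can be scripted when several hosts carry a stale token. The following PowerShell script is an added example, not part of the original article or the vendor's tooling; it assumes install_config.txt is plain key=value text and that the service is registered under the name 'WinCollect' (the parameter names are hypothetical).

```powershell
# Added example: re-apply the console's authorized-service token on a WinCollect host.
# Assumptions (not from the article): install_config.txt is plain key=value text,
# and the Windows service is registered under the name 'WinCollect'.
param(
    [Parameter(Mandatory)] [string] $Token,
    [string] $ConfigPath  = 'C:\Program Files\IBM\WinCollect\config\install_config.txt',
    [string] $ServiceName = 'WinCollect'
)
$ErrorActionPreference = 'Stop'

# Reject empty or multi-word input (for example a token pasted with a line break).
$Token = $Token.Trim()
if ($Token -eq '' -or $Token -match '\s') {
    throw 'Token must be a single non-empty value without whitespace.'
}

# Only touch the file if it has exactly one ApplicationToken= line.
$pattern = '^\s*ApplicationToken\s*='
$lines   = [System.IO.File]::ReadAllLines($ConfigPath)
$hits    = @($lines | Where-Object { $_ -match $pattern })
if ($hits.Count -ne 1) {
    throw "Expected exactly one ApplicationToken= line in $ConfigPath, found $($hits.Count)."
}

# Timestamped backup. It still holds the old token, so delete it once the agent reconnects.
$backup = "$ConfigPath.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -LiteralPath $ConfigPath -Destination $backup

# Rewrite only the token line; every other line is written back unchanged.
$updated = $lines | ForEach-Object {
    if ($_ -match $pattern) { "ApplicationToken=$Token" } else { $_ }
}
[System.IO.File]::WriteAllLines($ConfigPath, [string[]]$updated)

# Restart the agent and wait for it to come back (throws if not running within 30 seconds).
Restart-Service -Name $ServiceName
$svc = Get-Service -Name $ServiceName
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
Write-Output "Token updated, backup at $backup, service status: $($svc.Status)"
```

Run it from an elevated prompt on the Windows host. A token passed on the command line can end up in PowerShell history or transcripts, so clear those or read the token from a protected source.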


 