Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


WinCollect 10 overview

WinCollect is a Syslog event forwarder that administrators can use to forward events from Windows logs to JSA. WinCollect can collect events from systems locally or be configured to remotely poll other Windows systems for events.

WinCollect uses the Windows Event Log API to gather events, and then WinCollect sends the events to JSA.


You can install WinCollect 10 as a stand-alone agent only.

In a stand-alone deployment, the WinCollect software is installed on a Windows host that is not managed through JSA to control the log sources. There are no performance differences between a managed and stand-alone agent. The agent can gather events from itself (local), connect to a remote Windows endpoint to collect events (remote), or both. The agent then sends both the local and remote events to your JSA deployment.

Figure 1: WinCollect stand-alone deployment example WinCollect stand-alone deployment example

You can also deploy stand-alone WinCollect to consolidate event data on one Windows host, where WinCollect collects events to send to JSA.

Stand-alone WinCollect mode has the following capabilities:

  • Configure each WinCollect agent by using the WinCollect 10 Console.
  • Update WinCollect software with the software update installer.
  • Event storage to ensure that no events are dropped.
  • Collects forwarded events from Microsoft Subscriptions.
  • Filters events by using XPath queries or exclusion filters.
  • Supports virtual machine installations.
  • Send events to JSA over TLS Syslog.
  • Automatically create a local source at the time of agent installation.