Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring WinCollect 10 to collect Microsoft security events

If you use the Installing WinCollect 10 using the Advanced installer option to install your agent, you can run an update script to configure the agent.

  1. Download or copy the wincollect-10.0.x.x64.exe file to your computer.
  2. Copy the update script code that is displayed in this topic and paste it into a text editor.
  3. Replace the value for the Address parameter ("YourStatusServerIP") with the IP address of an appliance in your JSA deployment.
  4. Replace the Destination Address parameter ("YourQRadarApplianceIP") with the IP address of an appliance in your JSA deployment.

    If you are using an All-In-One appliance, the Destination Address can be the same IP address as the Address parameter.

  5. Save the file as update_localmsevents.xml.
  6. Run the wincollect-10.0.x.x64.exe installer as an admin user.
  7. On the Welcome to the WinCollect 10 Setup Wizard window, click Next and accept the terms in the license agreement.
  8. Enter your Company Information, then click Next.
  9. On the Custom Setup window, specify an alternative path to install and choose any additional components you need to install.
  10. Click Next.
  11. On the Configuration Options window, select Specify a configuration script file to execute immediately after the Agent is installed.
  12. Click Browse to locate your update_localmsevents.xml file and click Next.

    The Ready to Install window displays the command that you can use to apply the same configuration on another agent.

  13. Click Install to finish the installation.
  14. If you are prompted to allow the app to install from an unknown publisher, click Yes.
  15. On the Completing the WinCollect 10 Setup Wizard page, click Finish.
    Copy the following code and save the file as update_localmsevents.xml: