No heartbeat from Wincollect Agent, but log is received normally

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
Hello,
on SIEM (version 7.2.6 Build 20160405164932) I configured Wincollect Agent (version of RPM is 7.2-1018607). Agent is running on Win2008 R2 server.
Problem is that I receive logs from log source normally, but I do not receive any heartbeats from Agent. Only one hearbeat was seen on time of log source creation.
I have another Agent on this same SIEM and from it I receive both logs and heartbeats normally.
Does anyone know what is the reason and what to do to receive heartbeats? I send screenshots of problematic Agent and of associated log source.


Thanks in advance for any help.
Lukas Mecir
Photo of Lukas Mecir

Lukas Mecir

  • 150 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Mullins, Keith

Mullins, Keith, Employee

  • 470 Points 250 badge 2x thumb
Hi Lukas,

You may be running into a known issue  that will be resolved in the upcoming 7.2.7.20160511191708 patch.

Here is the specific description of the known issue:
The 'Last Heart Beat' date/time might not update for some
WinCollect agents in the QRadar User Interface, Admin tab,
WinCollect window.  While this is occuring, WinCollect Log
Source Event collection and processing can still be working as
expected even though it appears the WinCollect agent is not
communicating to QRadar.  Event collection can be verified
using normal Log Activity searches.


Photo of Lukas Mecir

Lukas Mecir

  • 150 Points 100 badge 2x thumb
Hi Keith,
thank you very much for info, I appreciate this.
Best regards
Lukas Mecir