WinCollect file forwarder

  • Question
  • Updated 2 years ago
  • Answered
Hello,
I have a Microsoft DNS server with DNS debugging enabled, and all DNS requests from PCs are logged to the file C:\share\dns.txt. The folder \\share\ is shared as a Windows share and is accessible with the appropriate user and password (I tested it from my PC).
I know that I can collect info from this file with the Universal DSM and the Log File protocol. But my question is: can I collect logs from the file with the Universal DSM and the WinCollect File Forwarder protocol? I tried it, but I received logs from the DHCP server (which is running on the same server) instead of info from the file dns.txt...
I am sending a screenshot of my log source setup. Thanks in advance for any help.
Best regards
Lukas Mecir
Posted 2 years ago

Lukas Mecir
Hello, I tried to make some changes in the log source setup (see screenshot), but the problem is still the same...
(Edited)
Mullins, Keith, Employee
Hi Lukas,

We see your question and confirm you are currently using the Universal DSM to collect data from a shared folder and a text file within that location. This currently shows no issues to you, but it raises the question of whether the WinCollect File Forwarder protocol can be used.

I have consulted with IBM and it seems you can, provided you have the correct permissions on this Windows environment and that you use a WinCollect agent to pull data from that location (remote collection). You could also install a new WinCollect agent on the share server and do local collection of data from that particular file and then send it all together to the SIEM.