No heartbeat from Wincollect Agent, but log is received normally


Hello,
on SIEM (version 7.2.6 Build 20160405164932) I configured Wincollect Agent (version of RPM is 7.2-1018607). Agent is running on Win2008 R2 server.
Problem is that I receive logs from log source normally, but I do not receive any heartbeats from Agent. Only one hearbeat was seen on time of log source creation.
I have another Agent on this same SIEM and from it I receive both logs and heartbeats normally.
Does anyone know what is the reason and what to do to receive heartbeats? I send screenshots of problematic Agent and of associated log source.



Thanks in advance for any help.
Lukas Mecir

2 replies

Userlevel 1
Hi Lukas,

You may be running into a known issue that will be resolved in the upcoming 7.2.7.20160511191708 patch.

Here is the specific description of the known issue:
The 'Last Heart Beat' date/time might not update for some WinCollect agents in the QRadar User Interface, Admin tab, WinCollect window. While this is occuring, WinCollect Log Source Event collection and processing can still be working as expected even though it appears the WinCollect agent is not communicating to QRadar. Event collection can be verified using normal Log Activity searches.

[/code]
Hi Keith,
thank you very much for info, I appreciate this.
Best regards
Lukas Mecir

Reply