Wincollect file forwarder

  • 1 September 2016
  • 2 replies

I have Microsoft DNS server with DNS debugging enabled and all DNS requests from PCs are logged to file C:\share\dns.txt. Folder \share\ is shared as windows share and is accessible with appropriate user and password (I test it from my PC).
I know, that I can collect info from this file by Universal DSM with Log File protocol. But my question is: can I collect logs from file by Universal DSM with WinCollect File Forwarder protocol? I tried it, but I received logs from DHCP server (which is running on the same server) instead of info from file dns.txt...
I send screenshot of my log source setup. Thanks in advance for any help.
Best regards
Lukas Mecir

2 replies

Hello, I tried to make some changes in log source setup (see screenshot), but problem is still the same...

Userlevel 1
Hi Lukas,

We see your question and confirm you are currently using Universal DSM to collect data from a shared folder and text file within that location. This currently shows no issues to you but it allows the question if Wincollect File Forwarder Protocol can be used.

I have consulted with IBM and it seems you can, provided you have the correct permissions on this Windows environment and that you use a Wincollect Agent to pull data from that location (remote collection). You could also install a new WinCollect agent on the share server and do local collection of data from that particular file and then send it altogether to the Siem.