- play_arrow What's New in WinCollect
- play_arrow WinCollect Overview
- play_arrow Installation Prerequisites for WinCollect
- play_arrow WinCollect installations
- WinCollect installations
- Installing and Upgrading the WinCollect Application on JSA Appliances
- Creating an Authentication Token for WinCollect Agents
- Adding Multiple Destinations to WinCollect Agents
- Migrating WinCollect Agents After a JSA Hardware Upgrade
- Stand-alone WinCollect Installations
- WinCollect Configuration Console Overview
- Installing the Configuration Console
- Silently Installing, Upgrading, and Uninstalling WinCollect Software
- Setting an XPath Parameter During Automated Installation
- Migrating from Adaptive Log Exporter to WinCollect
- Installing the WinCollect Agent on a Windows Host
- Installing a WinCollect Agent from the Command Prompt
- Uninstalling a WinCollect Agent from the Command Prompt
- Uninstalling a WinCollect Agent from the Control Panel
- play_arrow Configuring WinCollect Agents After Installation
- Configuring WinCollect Agents After Installation
- Manually Adding a WinCollect Agent
- Deleting a WinCollect Agent
- WinCollect Destinations
- Adding Custom Entries to WinCollect Status Messages
- Forwarding Events Identifier
- Configuring Stand-alone WinCollect Agents with the Configuration Console
- Creating a WinCollect Credential
- Adding a Destination to the WinCollect Configuration Console
- Configuring a Destination with TLS in the WinCollect Configuration Console
- Adding a Device to the WinCollect Configuration Console
- Sending Encrypted Events to JSA
- Increasing UDP Payload Size
- Include Milliseconds in Event Log Timestamp
- Collecting Local Windows Logs
- Collecting Remote Windows Logs
- Changing configuration with Templates in a Stand-alone Deployment
- Configuration Options for Systems with Restricted Policies for Domain Controller Credentials
- play_arrow Log Sources for WinCollect Agents
- Log Sources for WinCollect Agents
- Windows Event Logs
- Microsoft DHCP Log Source Configuration Options
- Microsoft Exchange Server Log Source Configuration Options
- DNS Debug Log Source Configuration Options
- Collecting DNS Analytic Logs by Using XPath
- File Forwarder Log Source Configuration Options
- Microsoft IAS Log Source Configuration Options
- WinCollect Microsoft IIS Log Source Configuration Options
- Microsoft ISA Log Configuration Options
- Juniper Steel-Belted Radius Log Source Configuration Options
- Microsoft SQL Server Log Source Configuration Options
- NetApp Data ONTAP Configuration Options
- Configuring a TLS Log Source
- Adding a Log Source to a WinCollect Agent
- Bulk Log Sources for Remote Event Collection
Event ID 1003 Splits the Message in JSA
Windows Event ID 1003 can exceed the default maximum payload size in JSA. It is then split into two separate messages.
The default maximum payload size in JSAis 4096 bytes. If Event ID 1003 messages are being split, you must increase the maximum payload size to keep the messages intact.
Follow these steps to increase the maximum payload size:
Log in to the Console as an administrator.
Click the Admin tab.
Click System Settings > Advanced.
On the System Settings pane, update the Max TCP Syslog Payload Length value to 8,192.
Note:Extremely large payload values can impact performance of the event pipeline. Do not increase the TCP Payload Length Value above 8,192 bytes without contacting Juniper support.
Click Save.
On the Admin tab, click Advanced > Deploy Full Configuration.
Note:Completing a full deployment restarts all services on all JSAappliances. Verify whether reports are running before you run the deployment, as a full deployment stops reports that are in progress. These reports must be manually restarted by a user or the administrator. This procedure also temporarily stops event and flow collection on all appliances while services are restarting. To avoid these issues, make this change during a maintenance window.
Click Continue to start the full deployment process.
After the deployment completes, all JSA managed hosts are sent the change to accept larger TCP payload length. The payloads across all managed hosts do not truncate the event message, unless they exceed 8,192 bytes.