- play_arrow What's New in WinCollect
- play_arrow WinCollect Overview
- play_arrow WinCollect installations
- WinCollect installations
- Installing and Upgrading the WinCollect Application on JSA Appliances
- Creating an Authentication Token for WinCollect Agents
- Adding Multiple Destinations to WinCollect Agents
- Migrating WinCollect Agents After a JSA Hardware Upgrade
- Stand-alone WinCollect Installations
- WinCollect Configuration Console Overview
- Installing the Configuration Console
- Silently Installing, Upgrading, and Uninstalling WinCollect Software
- Setting an XPath Parameter During Automated Installation
- Migrating from Adaptive Log Exporter to WinCollect
- Installing the WinCollect Agent on a Windows Host
- Installing a WinCollect Agent from the Command Prompt
- Uninstalling a WinCollect Agent from the Command Prompt
- Uninstalling a WinCollect Agent from the Control Panel
- play_arrow Configuring WinCollect Agents After Installation
- Configuring WinCollect Agents After Installation
- Manually Adding a WinCollect Agent
- Deleting a WinCollect Agent
- WinCollect Destinations
- Adding Custom Entries to WinCollect Status Messages
- Forwarding Events Identifier
- Configuring Stand-alone WinCollect Agents with the Configuration Console
- Creating a WinCollect Credential
- Adding a Destination to the WinCollect Configuration Console
- Configuring a Destination with TLS in the WinCollect Configuration Console
- Adding a Device to the WinCollect Configuration Console
- Sending Encrypted Events to JSA
- Increasing UDP Payload Size
- Include Milliseconds in Event Log Timestamp
- Collecting Local Windows Logs
- Collecting Remote Windows Logs
- Changing configuration with Templates in a Stand-alone Deployment
- Configuration Options for Systems with Restricted Policies for Domain Controller Credentials
- play_arrow Log Sources for WinCollect Agents
- Log Sources for WinCollect Agents
- Windows Event Logs
- Microsoft DHCP Log Source Configuration Options
- Microsoft Exchange Server Log Source Configuration Options
- DNS Debug Log Source Configuration Options
- Collecting DNS Analytic Logs by Using XPath
- File Forwarder Log Source Configuration Options
- Microsoft IAS Log Source Configuration Options
- WinCollect Microsoft IIS Log Source Configuration Options
- Microsoft ISA Log Configuration Options
- Juniper Steel-Belted Radius Log Source Configuration Options
- Microsoft SQL Server Log Source Configuration Options
- NetApp Data ONTAP Configuration Options
- Configuring a TLS Log Source
- Adding a Log Source to a WinCollect Agent
- Bulk Log Sources for Remote Event Collection
- play_arrow Troubleshooting WinCollect Deployment Issues
- Troubleshooting WinCollect Deployment Issues
- Common Problems
- Replacing the Default Certificate in JSA Generates Invalid PEM Errors
- The Statistics Subsystem
- Event ID 1003 Splits the Message in JSA
- WinCollect Files are Not Restored During a Configuration Restore
- Windows 10 (1803) Cannot Read the Security Bookmark File
- Resolving Log Source Error After WinCollect Update
- WinCollect Log File
Hardware and Software Requirements for the WinCollect Host
Ensure that the Windows-based computer that hosts the WinCollect agent meets the minimum hardware and software requirements.
Hardware/virtual Machine Requirements
The following table describes the minimum hardware requirements for local collection:
Requirement | Description |
|---|---|
Memory | The WinCollect agent has a very low memory footprint. The following numbers were generated on virtual machines (VMs) with two Logical cores and 2-4GB of memory. 1 Event per second (EPS) or less: 9 MB 100 EPS or less: 10.5 MB 2,500 EPS or less: 15 MB 5,000 EPS or less: 20 MB |
Processor | Intel Core i3 or equivalent Systems were tested on VMs with two Cores and 2 - 4 GB of memory. |
Available processor resources | 0-35%, depending on CPU, EPS, and number of endpoints polled. See the following table for examples. Very high EPS rates have a direct effect on the Average CPU used by the WinCollect Agent. |
Disk space | 100 MB for software, plus up to 100 MB for files. Upto 6 GB might be required if you store events to disk. |
WinCollect CPU and memory loads depend on several factors, including the number of events per second that are being processed.
The following table shows resources that are used by WinCollect in testing environments with various hardware configurations and EPS counts.
Profile | Type | OS | RAM | Cores | Avg FPS | RAM used | Avg CPU |
|---|---|---|---|---|---|---|---|
Maximum EPS | VM | Windows 2019 Server | 4 GB | 2 | 5,000 | 20 MB | 32% |
High EPS | VM | Windows 2019 Server | 4 GB | 2 | 2,500 | 15 MB | 18% |
Meduim EPS | VM | Windows 2019 Server | 4 GB | 2 | 100 | 10.5 MB | 1.2% |
Low EPS | VM | Windows 2019 Server | 4 GB | 2 | <1 | 9 MB | <1% |
Similar results were found testing with Windows 2016 Server.
A lower provisioned Windows 10 VM yielded similar results.
Profile | Type | OS | RAM | Cores | Avg EPS | RAM used | Avg CPU |
|---|---|---|---|---|---|---|---|
High EPS | VM | Windows 10 | 2 GB | 2 | 2500 | 11 MB | 22% |
Medium EPS | VM | Windows 10 | 2 GB | 2 | 100 | 5.5 MB | 1.5% |
Low EPS | VM | Windows 10 | 2 GB | 2 | <1 | 5.5 MB | <1 |
The following table describes the minimum hardware requirements for remote collection:
Requirement | Description |
|---|---|
Memory | 5 endpoints or less: 80 MB 250 endpoints or less: 293 MB 500 endpoints or less: 609 MB |
Processor | Intel Core i3 or equivalent |
Available processor resources | Approximately 20%, depending on CPU, EPS, and number of endpoints polled. |
Disk space | 100 MB for software, plus up to 100 MB for files. Upto 6 GB might be required if you store events to disk. |
WinCollect CPU and memory loads depend on several factors, including the number of events per second that are being processed and the number of remote endpoints that are being polled.
Profile | Type | OS | RAM | Cores | Avg FPS | RAM used | Avg CPU |
|---|---|---|---|---|---|---|---|
High EPS Low Device Count | VM | Windows 2012 Server | 12 GB | 6 | 3000 | 78 MB | 6.5% |
Medium EPS and Device count | VM | Windows 2016 Server | 12 GB | 250 | 2500 | 290 MB | 14% |
High EPS High Device count | VM | Windows 2016 Server | 16 GB | 500 | 5000 | 605 MB | 10.75% |
Software Requirements
Requirement | Description |
|---|---|
Operating system | Windows Server 2022 (including Core) Windows Server 2019 (including Core) Windows Server 2016 (including Core) Windows Server 2012 (including Core) Windows 10 |
Distribution | One WinCollect agent for each Windows host. |
Required user role permissions for installation | Administrator, or local administrator Administrative permissions are not required for remote collection |
WinCollect is not supported on versions of Windows that are designated end-of-life by Microsoft After software is beyond the Extended Support End Date, the product might still function as expected. However, Juniper does not make code or vulnerability fixes to resolve WinCollect issues for older operating systems. For example, Microsoft Windows Server 2003 R2 and Microsoft Windows XP are operating systems that are beyond the "Extended Support End Date”. For more information, see https://support.microsoft.com/en-us/lifecycle/search (https://support.microsoft.com/en-us/lifecycle/search).
