- play_arrow WinCollect 10 Overview
- play_arrow Uninstalling WinCollect 10
- play_arrow WinCollect 10 Stand-alone Console
- play_arrow WinCollect 10 stand-alone console
- play_arrow WinCollect 10 stand-alone configuration
- play_arrow Agent settings
- Service status
- Log Viewer
- Top Sources
- Applying pending changes
- play_arrow Create a source in the Source wizard
- play_arrow Configuration Scripts
- play_arrow Configuration scripts
- Configuring WinCollect 10 to collect Microsoft security events
- play_arrow Agent configuration update script use cases
- Adding NSA filtering to an existing source
- Add Sysmon to your existing Windows event sources
- Changing the heartbeat interval
- Modifying the event data storage configuration
- Sending Syslog data to JSA over TCP
- Change the console port number
- Configuring a remote source with an update script
- Add Active Directory lookup update script
- Update script to add a secondary destination
- Update script file warn and error messages
- play_arrow WinCollect Sources
- play_arrow WinCollect Sources
- play_arrow Advanced Settings
- play_arrow Advanced settings
- Agent advanced settings
- play_arrow Source advanced settings
- Microsoft Windows events advanced settings
- EVTX Forwarder advanced settings
- Common file-based plugin advanced settings
- File Forwarder advanced settings
- Microsoft DHCP Server advanced settings
- Microsoft DNS Debug advanced settings
- Microsoft Exchange Server advanced settings
- Microsoft Forefront TMG advanced settings
- Microsoft IIS advanced settings
- Microsoft NPS advanced settings
- Microsoft SQL Server advanced settings
- System advanced settings
- play_arrow The WinCollect 10 Statistics File
- play_arrow WinCollect Terminology
Hardware and software requirements for the WinCollect 10 host
Ensure that the Windows-based computer that hosts the WinCollect 10 agent meets the minimum hardware and software requirements.
Hardware and virtual machine requirements
The following table describes the minimum hardware requirements for local collection:
Requirement | Description |
---|---|
Memory | The WinCollect agent has a small memory footprint. The following numbers were generated on virtual machines (VMs) with two logical cores and 2-4GB of memory. One Event per second (EPS) or less: 3.5 MB 100 EPS or less: 3.6 MB 2,500 EPS or less: 4.6 MB 5,000 EPS or less: 6 MB |
Processor | Intel Core i3 or equivalent Systems were tested on VMs with two cores and 2 - 4 GB of memory. |
Available processor resources | 0-20%, depending on CPU, EPS, and number of endpoints polled. See the
following table for examples. Very high EPS rates have a direct effect on the Average CPU used by the WinCollect Agent. |
Disk space | 20 MB for software, plus up to 300 MB for log files. Up to 6 GB might be required, if you store events to disk. |
WinCollect CPU load depends on several factors, including the number of events per second that are being processed.
The following table shows resources that are used by WinCollect 10, using the minimum recommended provisioned test environments with various EPS counts.
Profile | OS | CPU | Memory | Average CPU | Memory |
---|---|---|---|---|---|
Low EPS (<1) | Windows 10 | 2 cores | 2 GB | 0.0% | 2.8 MB |
Low EPS (<1) | Server 2016 | 2 cores | 4 GB | 0.0% | 4.1MB |
Low EPS (<1) | Server 2019 | 2 cores | 4 GB | 0.0% | 3.5 MB |
Medium EPS (100) | Windows 10 | 2 cores | 2 GB | 0.21% | 3.0 MB |
Medium EPS (100) | Server 2016 | 2 cores | 4 GB | 0.12% | 4.1 MB |
Medium EPS (100) | Server 2019 | 2 cores | 4 GB | 0.10% | 3.6 MB |
High EPS (5000) | Windows 10 | 2 cores | 2 GB | 14% | 4.7 MB |
High EPS (5000) | Server 2016 | 2 cores | 4 GB | 8% | 6.0 MB |
High EPS (5000) | Server 2019 | 2 cores | 4 GB | 9% | 5.7 MB |
Profile | OS | CPU | Memory | Average CPU | Memory |
---|---|---|---|---|---|
WEF Collector | Server 2019 | 6 cores | 16 GB | 4.5% | 13 MB |
Profile | OS | CPU | Memory | EPS | Endpoints polled | Average CPU | Memory |
---|---|---|---|---|---|---|---|
High EPS / Low Device Count | Server 2019 | 8 cores | 16 GB | 5000 | 10 | 7.5% | 11 MB |
High EPS / Medium Device Count | Server 2019 | 8 cores | 16 GB | 5000 | 250 | 4.8% | 36 MB |
High EPS / High Device Count | Server 2019 | 8 cores | 16 GB | 5000 | 500 | 7.1% | 60 MB |
Software requirements
The following table describes the software requirements:
Requirement | Description |
---|---|
Operating system | Windows Server 2022 (including Core) Windows Server 2019 (including Core) Windows Server 2016 (including Core) Windows Server 2012 (including Core) Windows 10 |
Distribution | One WinCollect agent for each Windows host. |
Required user role permissions for installation | Administrator, or local administrator |
WinCollect is not supported on versions of Windows that are designated end-of-life by Microsoft. After software is beyond the Extended Support End Date, the product might still function as expected. However, Juniper does not make code or vulnerability fixes to resolve WinCollect issues for older operating systems. For example, Microsoft Windows Server 2003 R2 and Microsoft Windows XP are operating systems that are beyond the "Extended Support End Date." Any questions about this announcement can be discussed in the JSA Collecting Windows Events (WMI/ALE/WinCollect) forum. For more information, see https://support.microsoft.com/en-us/lifecycle/search.