Bigfix Server Security Event Logs

We’re implementing event log collection via “WinCollect” to qRadar. The problem we’re having with the Bigfix server is that the security event log on it generate 50-100 (or more) events per second, and WinCollect can’t keep up. Looking at the events manually, they all seem to be legit, it’s just they are created so fast I almost can’t read them. Does this sound normal?

Depends a lot on what the events are, and what events you’re auditing on the system. For instance if you’re auditing file writes to the FillDBData directory, that sounds like the frequency depending on how often your clients report, and how many of them there are.