Log Collection Deployment: Configure Replication

Document created by RSA Information Design and Development on May 9, 2016. Last modified by RSA Information Design and Development on May 4, 2017.
Version 6

This topic tells you how to replicate event data sent by a Remote Collector.

After completing this procedure, you will have configured Security Analytics so that it replicates a Remote Collector's event data in multiple local collector destination groups.

Procedures

Replicate Event Messages

You can specify multiple Destination Groups so that the event data is replicated to each group.

The following figure shows you how to replicate event data to multiple Local Collectors.

AddRCLA1(simple).png

Access the Services view.

RCParamConfigNav.png

Select a Remote Collector.

Click the AdvcdExpandBtn.PNG icon under Actions and select View > Config to display the Log Collection configuration parameter tabs.

ReplcateInstr1.png

Select the Local Collectors tab, select Destinations in the Select Configuration drop-down menu, and click the Icon-Add.png icon in Destination Groups to display the Add Remote Destinations dialog.

ReplcateInstr2.png

Set up the Destination Groups to facilitate replication.

Newly added replication Destination Groups are displayed in the Local Collectors tab.

Replicate Event Data to Multiple Local Collectors

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Remote Collector.
  3. Click the AdvcdExpandBtn.PNG icon under Actions and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Select the Local Collectors tab.
  5. In the Destination Groups panel section, click the Icon-Add.png icon.
    The Add Remote Destination dialog is displayed.
  6. Set up a separate Destination for each Local Collector and designate the protocols for which you want to push event messages to that Local Collector. The following example shows the addition of two Destination Local Collectors (Destination1 and Destination2) for the Check Point, File, Netflow, ODBC, SDEE, SNMP, Syslog, and Windows collection protocols:
    1. Type the Destination Name.
    2. Type the Group Name. If you do not type a Group Name, the Destination Name is taken as the Group Name.
    3. Select the collection protocols in the drop-down list.
    4. Select a Local Collector (for example, LC1).
    5. Click OK.
      ReplcateAddDest1.png
    6. Select the new group (for example, DestinationGroup2) in the Destination Groups panel and click the Icon-Add.png icon in the Local Collector panel.
    7. In the Local Collector panel, click the Icon-Add.png icon and complete the Add Remote Destination dialog as illustrated in the following figure.
      ReplcateAddDest2.png

The Check Point, File, Netflow, ODBC, SDEE, SNMP, Syslog, and Windows collection protocols are sent to two Local Collectors (LC1 and LC2). Both Local Collectors are active and collecting event data.
replication.png
