This topic tells you how to replicate event data sent by a Remote Collector.
After completing this procedure, you will have configured Security Analytics so that it replicates a Remote Collector's event data in multiple local collector destination groups.
Return to Procedures.
Replicate Event Messages
You can specify multiple Destination Groups so that the event data is replicated to each group.
The following figure shows you how to replicate event data to multiple Local Collectors.
Replicate Event Data to Multiple Local Collectors
- In the Security Analytics menu, select Administration > Services.
- In Services, select a Remote Collector.
- Click under Actions and select View > Config.
The Service Config view is displayed with the Log Collector General tab open.
- Select the Local Collectors tab.
- In the Destination Groups panel section, click .
The Add Remote Destination dialog is displayed.
- Set up a separate Destination for each Local Collector and designate the protocols for which you want to push event messages to that Local Collector. The following examples shows the addition of two Destination Local Collectors (Destination1 and Destination2) for the
Check Point, File, Netflow, ODBC, SDEE, SNMP, Syslog, and Windows collection protocols:
- Type the Destination Name.
- Type the Group Name. If you do not type a Group Name, the Destination Name is taken as the Group Name.
- Select the collection protocols in the drop-down list.
- Select a Local Collector (for example, LC1).
- Click OK.
- Select the new group (for example, DestinationGroup2) group in the Destination Groups panel and click in the Local Collector panel.
- In the Local Collector panel, click and complete the Add Remote Destination dialog as illustrated in the following figure.