Log Collection Deployment: Push Events to Local Collectors

Document created by RSA Information Design and Development on Jul 23, 2016. Last modified by RSA Information Design and Development on Sep 14, 2016.
Version 4
 

This topic tells you how to configure a Remote Collector to push events to a Local Collector.

After completing this procedure, you will have configured a Remote Collector to push events to Local Collectors.

Procedures

Configure Remote Collector to Push Events to Log Collectors

You can configure a Remote Collector to push event data to one or more Local Collectors.

The following figure shows you how to configure a Remote Collector to push events to a Local Collector.

AddRCLA1(simple).png

Access the Services view.

AddRCLA2(simple).png

Select a remote collector.
Click the AdvcdExpandBtn.PNG icon under Actions and select View > Config to display the Log Collection configuration parameter tabs.

LCTab1.png

Select the Local Collectors tab, select Destinations in the Select Configuration drop-down menu, and click the Icon-Add.png icon in Destination Groups to display the Add Remote Destinations dialog.
Specify a Local Collector to which the Remote Collector pushes events. Specify the Collection protocols to pull.
The newly added Local Collector is displayed in the Local Collectors tab.

Configure the Selected Remote Collector to Push Events to Specified Log Collectors

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Remote Collector.
  3. Click the AdvcdExpandBtn.PNG icon under Actions and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Select the Local Collectors tab.
  5. In the Destination Groups panel section, click Icon-Add.png.
    The Add Remote Destination dialog displays.
  6. Set up a Destination Group:

    1. Enter a Destination Name.
    2. (Optional) Enter a Group Name. If you leave Group Name blank, Security Analytics sets it to the value that you specified in Destination Name.
    3. Select one or more collection protocols in the Collections drop-down list.
    4. Under Log Collectors Addresses, click Icon-Add.png to select a Local Collector.

      AddRCDestination.png

Note: If you do not select a collection protocol, the Remote Collector pushes all collection protocols to the Local Collectors.

Note: RabbitMQ may drop events between a Remote Collector and a Local Collector when bandwidth is low, because it then uses a large amount of memory and sets off memory_alarm. For more information on this RabbitMQ behaviour, refer to https://www.rabbitmq.com/blog/2012/05/11/some-queuing-theory-throughput-latency-and-bandwidth/.
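
To check whether the memory_alarm condition described in the note has occurred, the broker log can be scanned for the periods in which the alarm was raised, so that gaps in collected events can be compared against them. The following Python code is an added example, not part of the RSA documentation or product; it assumes the broker writes RabbitMQ's classic `=INFO REPORT====` log layout with `vm_memory_high_watermark set`/`clear` entries, and the sample log (including the node name) is constructed.

```python
import re
from datetime import datetime

# Constructed sample in RabbitMQ's classic log layout (assumed format).
SAMPLE_LOG = """\
=INFO REPORT==== 14-Sep-2016::10:15:20 ===
vm_memory_high_watermark set. Memory used:1717986918 allowed:1647495168

=WARNING REPORT==== 14-Sep-2016::10:15:20 ===
memory resource limit alarm set on node 'rabbit@rc-01'.

=INFO REPORT==== 14-Sep-2016::10:19:50 ===
vm_memory_high_watermark clear. Memory used:1503238553 allowed:1647495168

=INFO REPORT==== 14-Sep-2016::11:02:05 ===
vm_memory_high_watermark set. Memory used:1690000000 allowed:1647495168
"""

HEADER = re.compile(r"^=\w+ REPORT==== (\d{1,2}-\w{3}-\d{4}::\d{2}:\d{2}:\d{2}) ===")
WATERMARK = re.compile(r"^vm_memory_high_watermark (set|clear)\. Memory used:(\d+) allowed:(\d+)")

def memory_alarm_windows(log_text):
    """Return one dict per memory-alarm window; 'end' is None while still raised."""
    windows, current, stamp = [], None, None
    for line in log_text.splitlines():
        h = HEADER.match(line)
        if h:  # remember the timestamp of the entry that follows
            stamp = datetime.strptime(h.group(1), "%d-%b-%Y::%H:%M:%S")
            continue
        w = WATERMARK.match(line)
        if not w or stamp is None:
            continue
        state, used, allowed = w.group(1), int(w.group(2)), int(w.group(3))
        if state == "set" and current is None:
            current = {"start": stamp, "end": None, "peak_used": used, "allowed": allowed}
            windows.append(current)
        elif state == "set":  # repeated "set" without a "clear": keep the peak
            current["peak_used"] = max(current["peak_used"], used)
        elif current is not None:  # "clear" closes the open window
            current["end"] = stamp
            current = None
    return windows

def report(windows):
    out = []
    for w in windows:
        dur = f"{int((w['end'] - w['start']).total_seconds())}s" if w["end"] else "still raised"
        out.append(f"{w['start']:%Y-%m-%d %H:%M:%S} memory alarm, {dur}, "
                   f"used {w['peak_used']} > allowed {w['allowed']}")
    return out
```

Calling `report(memory_alarm_windows(text))` on the broker log text gives one line per alarm window; a window reported as "still raised" has no matching `clear` entry yet.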

Parameters

Reference - Remote/Local Collectors Configuration Parameters Interface
