Log Collection Deploy: Configure Chain of Remote Collectors

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

You can set up a chain of Remote Collectors to push event data to a Remote Collector, or you can configure a Remote Collector to pull event data from a chain of Remote Collectors. You can configure:

  • Remote Collectors to push event data to a Remote Collector.
  • A Remote Collector to pull event data from one or more Remote Collectors.

Note: For Remote Collector chaining, you can only:

  • Push data from a 10.4 or later Remote Collector to other 10.4 or later Remote Collectors or 10.4 or later Local Collectors.
  • Use a 10.4 or later Remote Collector to pull data from one or more 10.4 or later Remote Collectors.

Configure Remote Collector to Push Event Data to Remote Collector

The following procedure explains how to configure a Remote Collector to push event data to a Remote Collector.

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Remote Collector.
  3. Click the icon under Actions and select View > Config to display the Log Collection configuration parameter tabs.
  4. Select the Local Collectors tab, select Destinations in the Select Configurations drop-down menu, and click the add icon in Destination Groups to display the Add Remote Destination dialog.
  5. Set up the Destination Groups.

Configure the Selected Remote Collector to Push Events to Specified Remote Collector

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Remote Collector.
  3. Click the icon under Actions and select View > Config.
    The Log Collector service Config view is displayed with the Log Collector General tab open.
  4. Select the Local Collectors tab.
  5. Select Destinations in the Select Configurations drop-down menu.
  6. In the Destination Groups panel section, select the add icon.
    The Add Remote Destination dialog is displayed.
  7. Set up a Destination Group:
    1. Enter a Destination Name.
    2. (Optional) Enter a Group Name. If you leave Group Name blank, Security Analytics sets it to the value that you specified in Destination Name.
    3. Select one or more collection protocols in the Collections drop-down list.
    4. Under Log Collectors Addresses, click the add icon to select a Remote Collector.

Note: If you do not select a collection protocol, the Remote Collector pushes all collection protocols to the Remote Collectors.

Configure Remote Collector to Pull Event Data from a Remote Collector

The following procedure explains how to configure a Remote Collector to pull events from a specified Remote Collector.

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Remote Collector.
  3. Click the icon under Actions and select View > Config to display the Log Collection configuration parameter tabs.
  4. Select the Local Collectors tab, select Sources in the Select Configurations drop-down menu, and click the add icon in Remote Collectors to display the Add Source dialog.
  5. In the Add Source dialog, select the Remote Collector from which you want to pull events.

Configure the Selected Remote Collector to Pull Events from Specified Remote Collector

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Remote Collector.
  3. Click the icon under Actions and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Select the Local Collectors tab.
  5. Select Sources in the Select Configurations drop-down menu.
  6. In the Remote Collectors panel, select the add icon.
    The Add Source dialog is displayed.
  7. In the Add Source dialog:
    1. Select one or more collection protocols.
      If you do not select a collection protocol, the Remote Collector pulls all collection protocols from the Remote Collector.
    2. Click OK.

The Remote Collector is added to the Remote Collector section. When the Log Collector starts collecting data, it pulls event data from this Remote Collector.

Parameters

Remote/Local Collector Tab Parameters
