This topic tells you how to configure a Remote Collector to push events to a Local Collector.
After completing this procedure, you will have configured a Remote Collector to push events to Local Collectors.
Return to Procedures
Configure Remote Collector to Push Events to Log Collectors
You can configure a Remote Collector to push event data to one or more Local Collectors.
The following figure shows you how to configure a Remote Collector to push events to a Local Collector.
Select the Local Collectors tab, select Destinations in the Select Configuration drop-down menu, and click to display in Destination Groups to display the Add Remote Destinations dialog.
Specify a Local Collector to which the Remote Collector pushes events. Specify the Collection protocols to pull.
Newly added Local Collector is displayed in the Local Collector tab.
Configure the Selected Remote Collector to Push Events to Specified Log Collectors
- In the Security Analytics menu, select Administration > Services.
- In Services, select a Remote Collector.
- Click under Actions and select View > Config.
The Service Config view is displayed with the Log Collector General tab open.
- Select the Local Collectors tab.
- In the Destination Groups panel section, click .
The Add Remote Destination dialog displays.
Set up a Destination Group:
- Enter a Destination Name.
- (Optional) Enter a Group Name. If you leave Group Name blank, Security Analytics sets it to the value that you specified in Destination Name.
- Select one or more collection protocols in the Collections drop-down list.
Note: If you do not select a collection protocol, the Remote Collector pushes all collection protocols to the Local Collectors .
Note: The RabbitMQ may drop events between a Remote Collector and Local Collector due to low bandwidth as it utilizes high memory, thus setting off memory_alarm. For more information on the RabbitMQ behaviour, refer to https://www.rabbitmq.com/blog/2012/05/11/some-queuing-theory-throughput-latency-and-bandwidth/.