Log Collection Deployment: Configure Failover Local Collector

Document created by RSA Information Design and Development on Jun 25, 2017Last modified by RSA Information Design and Development on Jul 28, 2017
Version 2Show Document
  • View in full screen mode
  

This topic tells you how to set up a Failover Local Collector for a Remote Collector.

After completing this procedure, you will have set up a destination made up of local collectors such that when the primary Local Collector is unreachable, the Remote Collector attempts to connect to each local collector in this destination until it makes a successful connection.

Return to Procedures

Configure a Failover Local Collector

You can set up a Failover Local Collector that Security Analytics will fail over to if your primary Local Collector stops operating for any reason.

The following figures shows you how to set up a failover Local Collector.

AddRCLA1(simple).png

Access the Services view.

AddRCLA2(simple).png

Select a remote collector.

Click AdvcdExpandBtn.PNGunder Actions and select View > Config to display the Log Collection configuration parameter tabs.

LCFailover.png

Select the Local Collectors tab, select Destinations in Select Configuration drop-down menu, and click Icon-Add.png to display in Destination Groups to display the Add  Remote Destinations dialog.

Add a primary Local Collector.

Edit the Remote Destination and add a standby Local Collector.

Newly added primary and standby Local Collectors are displayed in the Local Collector tab.

Set Up a Failover Local Collector

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Remote Collector.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.

    The Service Config view is displayed with the Log Collector General tab open.

  4. Select the Local Collectors tab.
  5. In the Destination Groups panel section, select Icon-Add.png.

    The Add Remote Destination dialog displays.

  6. Set up a Destination Group and select a primary Local Collector (for example, LC-PRIMARY).

    StanbyAddPrimaryLC.png

  7. Select the Group (for example, Primary_Standby_LCs) in the Destination Groups panel and click icon-edit.png.

    The Group you selected is displayed in the Local Collectors panel.

  8. Add the Failover Local Collector (for example, LC-STANDBY).

    StanbyAddStandbyLC.png

    The following examples show the newly added primary and failover Local Collectors showing the primary Local Collector as Active and the Failover Local Collector as Standby. The active Local Collector is highlighted (for example, LC-PRIMARY).

    FailoverActStdby.png

  9. (Optional) Add, delete, and change the order of Local Collectors to each Remote Destination.

    1. Click Icon-Add.png to add a Log Collector as a failover Remote Destination.
    2. When connecting to a Remote Destination, the Remote Collector will attempt to connect to each Local Collector in this list in order, until it makes a successful connection.
    3. Select a Local Collector and use the  UpDownArrows.PNG (up and down arrow buttons) to change the order of connection. 
    4. Select one or more Local Collectors and click Icon_Delete_sm.png  to remove them from the list.

    The selected Local Collectors are added to the Log Collector section. When the Remote Collector starts collecting data, it pushes data to these Log Collectors.

Parameters

Reference - Remote/Local Collectors Configuration Parameters Interface

You are here
Table of Contents > Log Collection Deployment Guide > Procedures > Configure Local and Remote Collectors > Push Events to Local Collectors > Configure Failover Local Collector

Attachments

    Outcomes