Log Collection Deployment: Configure Replication

Document created by RSA Information Design and Development on Sep 11, 2017Last modified by RSA Information Design and Development on Oct 12, 2017
Version 7Show Document
  • View in full screen mode
  

This topic tells you how to replicate event data sent by a Remote Collector.

You can specify multiple Destination Groups so that the event data is replicated to each group.

To replicate event data to multiple Local Collectors:

  1. Go to ADMIN > Services.
  2. Select a Remote Log Collection service.
  3. Under Actions, select > View > Config.

    The Service Config view is displayed with the Log Collector General tab open.

  4. Select the Local Collectors tab.
  5. In the Destination Groups panel section, click .

    The Add Remote Destination dialog is displayed.

    Add Replication dialog is displayed.

  6. Set up a separate Destination for each Local Collector and designate the protocols for which you want to push event messages to that Local Collector. The following examples shows the addition of two Destination Local Collectors (Destination1 and Destination2) for the Check PointFile, Netflow, ODBC, SDEE, SNMP, Syslog, and Windows collection protocols:

    Add Remote Destination dialog shows a separate destination for each Local Collector.

    1. Type the Destination Name.
    2. Type the Group Name. If you do not type a Group Name, the Destination Name is taken as the Group Name.
    3. Select the collection protocols in the drop-down list.
    4. Select a Local Collector (for example, LC1).
    5. Click OK.
    6. Select the new group (for example, DestinationGroup2) group in the Destination Groups panel and click in the Local Collector panel.
    7. In the Local Collector panel, click and complete the Add Remote Destination dialog as illustrated in the following figure.

      Add Remote Destination dialog is displayed.

The Check PointFile, Netflow, ODBC, SDEE, SNMP, Syslog, and Windows collection protocols are sent to two Local Collectors (LC1 and LC2). Both Local Collectors are active and collecting event data.

Destination Groups and Destination Collectors panels are displayed.

Previous Topic:Configure Failover
You are here
Table of Contents > Setup > Add Local and Remote Collectors > Configure Replication

Attachments

    Outcomes