Log Collection Deployment: Configure Chain of Remote Collectors

Document created by RSA Information Design and Development on Sep 11, 2017. Last modified by RSA Information Design and Development on Oct 12, 2017.
Version 7

This topic describes how to chain Remote Collectors (also referred to as VLCs).

You can set up a chain of Remote Collectors to push event data to a Remote Collector, or you can configure a Remote Collector to pull event data from a chain of Remote Collectors.

  • Remote Collectors to push data. Push data from a Remote Collector to other Remote Collectors or Local Collectors.
  • Remote Collector to pull data. Use a Remote Collector to pull data from one or more Remote Collectors.

Configure Remote Collector to Push Event Data to Remote Collector

You can configure a Remote Collector to push event data to a Remote Collector.

Configure a Remote Collector to Push Events to Specified Remote Collector

  1. Go to ADMIN > Services.
  2. In Services, select a Remote Collector.
  3. Under Actions, select > View > Config to display the Log Collection configuration parameter tabs.

    The Log Collector Service Config view is displayed with the Log Collector General tab open.

  4. Select the Local Collectors tab.
  5. Select Destinations in the Select Configurations drop-down menu.
  6. In the Destination Groups panel section, select .

    The Add Remote Destination dialog is displayed.

  7. Set up a Destination Group:

    1. Enter a Destination Name.
    2. (Optional) Enter a Group Name. If you leave Group Name blank, NetWitness Suite sets it to the value that you specified in Destination Name.
    3. Select one or more collection protocols in the Collections drop-down list.
    4. Under Log Collectors Addresses, click  to select a Remote Collector.

      The Add Remote Destination dialog is displayed.

Note: If you do not select a collection protocol, the Remote Collector pushes all collection protocols to the Remote Collectors.

Configure Remote Collector to Pull Event Data from a Remote Collector

Configure the Selected Remote Collector to Pull Events from Specified Remote Collector

  1. Go to ADMIN > Services.
  2. In Services, select a Remote Collector.
  3. Under Actions, select > View > Config to display the Log Collection configuration parameter tabs.

    The Service Config view is displayed with the Log Collector General tab open.

  4. Select the Local Collectors tab.
  5. Select Sources in the Select Configurations drop-down menu.

    Sources is selected from the Select Configurations drop-down menu.

  6. In the Remote Collectors panel, select .

    The Add Source dialog is displayed.

  7. In the Add Source dialog:

    1. Select one or more collection protocols.
      If you do not select a collection protocol, the Remote Collector pulls all collection protocols from the Remote Collector.
    2. Click OK.

The Remote Collector is added to the Remote Collector section. When the Log Collector starts collecting data, it pulls event data from this Remote Collector.
