I have the following architecture (10.4.0.2 from 10.3.4):
- One Security Analytics appliance
- One hybrid appliance (log collector / decoder / concentrator)
- One Remote Log collector VM) on a customer site
- Its IP is NAT'ed from the Security Analytics Appliance
- The IP of the Security Analytics appliance is NAT'ed from this Log collector
The provisioning of the Remote Log collector fails because the IP of the SA is not the NAT'ed IP in /etc/mcollective/server.cfg and this configuration file is always override by the puppet agent.
How override the sa_server value on the Security Analytics(Puppet Master) for this Log Collector ?
(I guess that's in the mongodb node definition..)