
Should I have a separate concentrator for logs and packets?

Question asked by Jeremy Kerwin on Dec 7, 2018
Latest reply on Dec 11, 2018 by Jeremy Kerwin

In our main data centre, we have a decoder each for logs and packets, and also a concentrator each for logs and packets.

I'm curious if I should keep this configuration or go for a single concentrator for both logs and packets.

What would be the pros and cons of each config?

One issue I'm finding with separate concentrators is correlating the same events between logs and packets, which made me think that if there was a single concentrator for both, I'd be able to do it.

Thanks.
