Need information on how we can achieve High availability for Log decoders so that in case of Log decoder failure, log collection is not hampered?
Select the Collector you want to have failover to another log decoder in the event it's primary fails. (From the Devices menu)
Then select View from the top pane and select Config from the drop down.
Once inside the Log Collector's Configuration menu, select the Event Destinations Tab.
When adding a new destination group for collection to be sent too, add your failover log decoder in the Pane that says, "Failover Log Decoders".
You can also set the order of the log decoders in which the log collector will fail over too.
Hope this helps!
Any on this please?
Anything on this would be of great help.
Still waiting for some inputs on this.
Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time.
You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "RSA Security Analytics".
Thanks for the reply.
So, that means I need to have Virtual Log collectors in order to achieve redundancy at the collection level.
Decoders cannot work in redundancy on their own?
Yes, for the HA of log decoder we need to have atleast one Virtual log collector. In virtual log collector there is a configuration where you can configure one decoder as primary and other as secondary. When VLC found that primary log decoder is down then VLC will send the logs to secondary log decoder.
Decoder itself cant work on redundancy because when decoder is down then no fail-over configuration will work
Retrieving data ...