Configuration

The collector is configured via the "Collector" button in the navigation tree and ribbon ("Home -> General") of the management console. The collector icon in the tree view is displayed in color when the collector service ("EventSentryCollector") is running, or displayed in gray when the collector is either not installed or not running.

 


Hostname

Specifies the host name to which the remote agents will connect. This should be either a host name that can be resolved by all hosts or an IP address. If the collector needs to be reachable both from the internal LAN and from remote clients that connect through a firewall, split DNS can be configured.

 

Multiple collectors can be separated with a comma; see "Multiple Collectors" for more information.

 

Enable Compression

Compresses all data before it is transmitted to the collector, reducing the overall bandwidth consumption of the agent. The compression factor depends on the data collected and usually ranges between 15 and 25% (subsequently reducing the amount of data transmitted by about 20%). Enabling compression is recommended in most cases and is enabled by default.

 

Collect Statistics

Collects basic performance statistics in the database; see Collector Status for more information.

 

Communication

Transmits all collected data over a secure TLS channel using the specified TCP port.

 

Status

Shows current collector stats (updated every 1-2 minutes) that can assist with troubleshooting efforts. More detailed collector stats can also be viewed in the web reports under Settings -> Collector Status.

 

Connections: The number of agents currently connected to the collector

Queue In: Number of (raw) packets received and awaiting processing

Queue Out: Number of packets waiting to be processed by the engine (usually database)

Latency: Average time it takes to fully process incoming data packets

 

The status area will also display warning or error messages if any of the stats exceed recommended thresholds.

 

Deploy Configuration Updates

Instead of manually pushing configuration updates from the management console with remote update, the collector can send configuration updates to all connected agents automatically. This is particularly useful for clients which are not permanently connected to the network where the management console is located, e.g. laptops.

 

Automatic

Any time the configuration is saved in the management console, the collector will automatically deploy it to all connected remote agents.
 
Semi-Automatic

Only automatically distributes an updated configuration if the configuration is saved with the "Save and Deploy" option. Simply clicking the "Save" button will save the configuration locally, but not deploy it network-wide.

 


When a configuration update is approved, either manually or automatically, it may take several minutes before it is loaded by the remote agent.

 

Agents running on hosts where EventSentry was installed with the setup (usually affects only one host) will not accept remote configuration updates and instead load the configuration directly from the registry.

 

Keep remote agents up to date

Instead of manually upgrading remote agents whenever a patch or version update is installed, the collector can push an updated agent to all connected hosts. Once the remote agent receives an updated agent binary, it will update and restart itself automatically. This feature only works for agents running v3.3.x or later.

 

Once an outdated remote agent is detected, it may take up to 2 minutes before the collector sends the agent update.

 

 

See Collector Security Configuration for more information.