Despite the redundancy feature available in the collector and agents, setting up more than one collector can be advantageous for the following reasons:
• Resource utilization of the host running the collector is too high
• Isolation between hosts is desired
• Collectors are split and associated with different databases
• Extended / regular downtime of the primary collector is planned or anticipated
The steps below outline how to set up and configure an additional collector.
1. Determine a host
Select a host that has sufficient memory and CPU resources available to run the collector service. Windows 2012 and later is preferred since it offers better security when modern clients connect. A host with a fast connection to the back-end EventSentry database should be preferred.
2. Configure EventSentry
On the host where EventSentry is installed, open the management console and click on the "Collector" icon. In the "Hostname(s)" field append a comma and the host name of the new collector, e.g.
esmain.yourcompany.com,esbackup.yourcompany.com
3. Enhanced Security
If one or more database actions that will be used by the collector are configured for enhanced security, then the host designated for the backup collector will need to be configured as a trusted host.
4. Push Configuration / Deploy Agent
If the host designated for the backup collector is already running an EventSentry agent, then simply push the configuration; otherwise deploy an agent with remote update. This step is required.
5. Copy required files
From the EventSentry installation directory (usually C:\Program Files\EventSentry), copy the following files (and/or directories) to any temporary directory on the remote host. We will use the directory C:\EventSentry for this purpose.
• eventsentry_gui_x64.exe
• es_collector_svc_x64.exe
• Qt5Core.dll
• concrt140.dll
• msvcp140.dll
• vccorlib140.dll
• vcruntime140.dll
Example: You should have the file C:\EventSentry\x64\Qt5Core.dll.
6. Collector service registration and installation
Start the management console (eventsentry_gui[_x64].exe) and navigate to the collector dialog. The host name field should contain the correct information entered in step (2). If not, attempt to push the configuration again and optionally restart the EventSentry agent service.
Then, click the "Install" button and point to the temporary directory.
7. Customize
It is not recommended to change the "Communication" settings of the collector, since they should match the settings of the primary collector. The "Network Authorization" settings may be customized on a backup collector if only select subnets should be allowed access.
8. Activation
The backup collector is activated by starting the service with the "Start" button. The configuration also needs to be pushed to all remote hosts from the host where EventSentry is installed (not from the backup collector), so that the remote hosts are aware of the backup collector.
9. Maintenance
The binary utilized by the collector, es_collector_svc.exe or es_collector_svc_x64.exe respectively, needs to be manually updated on every listed backup collector whenever a patch or a new version of EventSentry is installed. Simply stop the EventSentryCollector service on a backup collector, replace the binary with the latest version from the installation directory, and restart the EventSentryCollector service.
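The maintenance step above, scripted in PowerShell as an added example (not EventSentry's own tooling). It assumes an elevated PowerShell 4.0 or later session on the backup collector; `$Source` is a hypothetical parameter pointing at the new binary copied from the installation directory, and the signer comparison is an added safeguard rather than something this page prescribes.

```powershell
# Added example: replace the collector binary on a backup collector (step 9).
# Assumes an elevated PowerShell 4.0+ session; $Source is a hypothetical parameter.
param(
    [Parameter(Mandatory)] [string] $Source,   # new es_collector_svc[_x64].exe
    [string] $ServiceName = 'EventSentryCollector'
)
$ErrorActionPreference = 'Stop'

# Ask the service control manager which binary the service runs,
# rather than assuming where the "Install" button placed it.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service $ServiceName is not installed on this host." }
if ($svc.PathName -notmatch '^\s*"?([^"]+?\.exe)') {
    throw "Cannot parse service path: $($svc.PathName)"
}
$target = $Matches[1]

# The replacement must be at least as trusted as the binary it replaces.
$old = Get-AuthenticodeSignature -FilePath $target
$new = Get-AuthenticodeSignature -FilePath $Source
if ($old.Status -eq 'Valid' -and ($new.Status -ne 'Valid' -or
        $new.SignerCertificate.Subject -ne $old.SignerCertificate.Subject)) {
    throw "Signature check failed for ${Source}: $($new.Status)"
}

$newHash = (Get-FileHash -Path $Source -Algorithm SHA256).Hash
if ($newHash -eq (Get-FileHash -Path $target -Algorithm SHA256).Hash) {
    'Collector binary is already current; nothing to do.'
    return
}

Copy-Item -Path $target -Destination "$target.bak" -Force   # rollback copy
Stop-Service -Name $ServiceName
try {
    Copy-Item -Path $Source -Destination $target -Force
    if ((Get-FileHash -Path $target -Algorithm SHA256).Hash -ne $newHash) {
        throw 'Installed binary does not match the source file.'
    }
}
catch {
    Copy-Item -Path "$target.bak" -Destination $target -Force   # restore old binary
    throw
}
finally {
    Start-Service -Name $ServiceName   # runs on success and after rollback
}
"{0} is {1}; now running {2}" -f $ServiceName, (Get-Service $ServiceName).Status, $newHash
```

Recording the printed SHA-256 for each backup collector makes it easy to spot a host that was missed during a later upgrade.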
When multiple collectors are configured, an agent will always attempt to connect to the listed collectors sequentially, starting with the first listed host. If a connection is established with a backup collector, the agent will continue to communicate with that collector until the connection is interrupted or the agent is restarted.