Yes. However if you change the service account used for the Collector you will not be able to reuse the existing certificate as a new one must be created when the Collector starts under a different account This will require a manual configuration update Push Configuration for your agents as they will otherwise refuse to connect to the Co...
To utilize the collector feature the following prerequisites need to be met: The collector service needs to be installed and running on at least one host on your network The collector needs to be enabled The collector needs to be configured optional At least one action needs to be configured to use the collector The configuratio...
Utilizing the collector service offers the following advantages: Communication between the collector and the agents can automatically be encrypted Communication between the collector and the agents can automatically be compressed ODBC drivers do not need to be installed on the monitored hosts The agents no longer communicate with the res...
If you go into the Windows event viewer on your EventSentry server select the Application log and look for event 117 118 119 122 or 123 from EventSentry Collector as the source. If these events exist here are the steps you can take to resolve these error events and allow the agents to connect: Event 117 This error is generated be...
This can happen if you reset your collector certificate without pushing the new configuration within 1 week or by migrating the EventSentry server to a new machine after the collector was previously used. If you reset the certificate without pushing the configuration in time or these errors were caused by a migration of your EventSentry serve...
Yes however if you change the certificate used for the Collector your agents will refuse to connect to the Collector once the certificate has changed. This will require a manual configuration update Push Configuration for your agents so that they can reconnect. You can substitute the selfsigned certificate which is automatically genera...
Since EventSentry utilizes the TLS capabilities of the OS the version of TLS being used between the collector and the agents depends both on the version of Windows the collector is running on and the version of Windows the agent is running on. By default client agent and server collector will negotiate the following TLS parameters illu...
I39m receiving the following error from the collector: Event ID: 905Source: EventSentryCategory: Collector Client The EventSentry agent is unable to establish a secure connection with any of the listed collectors:servername.domain.local5001: Could not acquire security credentials: error 0x80090331. 273 You will receive this error messa...
It is not possible to automatically loadbalance with multiple Collector hosts but you can manually distribute the load by allocating certain groups or specific hosts to a specific collector priority. Please note that the agent will use the first collector in the list unless it can39t connect or the connection gets interrupted and it can39t re...
There are several different errors that can occur. Timeout 301 or Connection Timed Out 10060 Please ensure that the agent can resolve the collector host name if an IP is not being used for the collector name. Also please ensure that the agent can access the specified port number for the collector39s IP address you can test this using ...
The maximum size of the debug log file for the collector service can be adjusted with the debuglevelmaxsize registry value. This DWORD value specifies the maximum size of each debug log file in megabytes consequently the total disk space used will be twice the size of the registry value. The default size for each debug log file is 150M...
When you scan the collector with a vulnerability scanner it will list all ciphers that are currently supported by the Windows OS. However the only cipher that will be used by the collector is the cipher used in the collector certificate. You can check what cipher the collector cert is using with openssl. openssl sclient connect COLLECTOR...
