Configure distributed mode

Configure AgentX to operate in distributed mode with master and worker nodes for high availability and horizontal scaling.

Prerequisites

• AgentX Server installed on all Logpoint instances

• AgentX Manager installed on all Logpoint instances

• Multiple Distributed Logpoint instances available

• Administrator access to all Logpoint instances

• Network connectivity between all Logpoint instances on port 1516

Procedure

1. Go to Settings > Configuration on the Logpoint instance you want to designate as the master node.

2. Select AgentX.

3. Select Mode of Operation.

4. Select Distributed.

5. Select Yes in the confirmation dialog.

6. Select the Distributed Logpoint instances to add as worker nodes. You can select multiple instances.

7. Select Configure Cluster.

Expected outcome

AgentX operates in distributed mode with the selected Logpoints configured as a cluster. The master node manages agent registrations and coordinates the cluster. Worker nodes process logs from connected agents.

Verification

1. Go to Settings > Configuration > AgentX > Mode of Operation on the master node.

2. Verify that the mode shows as Distributed and the worker nodes appear in the cluster list.

3. On each worker node, go to Settings > Configuration > AgentX > Mode of Operation.

4. Verify that each worker node shows its status in the cluster.

Switch worker node to master

If you need to convert a worker node to a master node:

1. Go to Settings > Configuration > AgentX > Mode of Operation on the worker node.

2. Select Switch to master.

3. Select Yes in the confirmation dialog.

4. Select Configure Cluster to add other worker nodes to the new master.

Switch from distributed to standalone

To convert any node from distributed mode to standalone mode:

1. Go to Settings > Configuration > AgentX > Mode of Operation.

2. Select Standalone.

3. Select Yes in the confirmation dialog.

This disconnects the node from the cluster and configures it for standalone operation.

Configuration guidelines

Enable SOAR on the master node The master node executes automated response and SOAR commands across all agents in the cluster. Enable SOAR on the master node to access all collected logs and execute playbooks.

To enable SOAR:

1. Go to Settings > System Settings > System Settings

2. Select General

3. Select Enable SOAR in Logpoint

4. Select Save

Master node is critical for cluster operation If the master node fails, worker nodes continue processing logs but:

• New agents cannot register

• Automated responses cannot be executed

• Configuration changes cannot be synchronized

Plan for master node redundancy or quick failover.

Worker nodes handle log processing Distribute agents across worker nodes to balance processing load. Each worker node processes logs independently and forwards them to Logpoint for storage.

Certificates sync automatically When you configure distributed mode, AgentX automatically synchronizes SSL certificates (rootCA.pem) to all nodes in the cluster. You do not need to manually copy certificates.

Port 1516 must be open Worker nodes communicate with the master node on port 1516. Ensure firewalls allow TCP traffic on this port between all cluster nodes.

Next steps

• Configure load balancer with AgentX cluster

• AgentX modes of operation overview