circle-info
Welcome to the new Logpoint documentation portal! Can’t find what you’re looking for?
Logpoint Documentationarrow-up-right
search

Configure distributed mode

Configure AgentX to operate in distributed mode with master and worker nodes for high availability and horizontal scaling.

hashtag
Prerequisites

  • AgentX Server installed on all Logpoint instances

  • AgentX Manager installed on all Logpoint instances

  • Multiple Distributed Logpoint instances available

  • Administrator access to all Logpoint instances

  • Network connectivity between all Logpoint instances on port 1516

hashtag
Procedure

  1. Go to Settings > Configuration on the Logpoint instance you want to designate as the master node.

  2. Select AgentX.

  3. Select Mode of Operation.

  4. Select Distributed.

  5. Select Yes in the confirmation dialog.

  6. Select the Distributed Logpoint instances to add as worker nodes. You can select multiple instances.

  7. Select Configure Cluster.

hashtag
Expected outcome

AgentX operates in distributed mode with the selected Logpoints configured as a cluster. The master node manages agent registrations and coordinates the cluster. Worker nodes process logs from connected agents.

hashtag
Verification

  1. Go to Settings > Configuration > AgentX > Mode of Operation on the master node.

  2. Verify that the mode shows as Distributed and the worker nodes appear in the cluster list.

  3. On each worker node, go to Settings > Configuration > AgentX > Mode of Operation.

  4. Verify that each worker node shows its status in the cluster.

hashtag
Switch worker node to master

If you need to convert a worker node to a master node:

  1. Go to Settings > Configuration > AgentX > Mode of Operation on the worker node.

  2. Select Switch to master.

  3. Select Yes in the confirmation dialog.

  4. Select Configure Cluster to add other worker nodes to the new master.

hashtag
Switch from distributed to standalone

To convert any node from distributed mode to standalone mode:

  1. Go to Settings > Configuration > AgentX > Mode of Operation.

  2. Select Standalone.

  3. Select Yes in the confirmation dialog.

This disconnects the node from the cluster and configures it for standalone operation.

hashtag
Configuration guidelines

Enable SOAR on the master node The master node executes automated response and SOAR commands across all agents in the cluster. Enable SOAR on the master node to access all collected logs and execute playbooks.

To enable SOAR:

  1. Go to Settings > System Settings > System Settings

  2. Select General

  3. Select Enable SOAR in Logpoint

  4. Select Save

Master node is critical for cluster operation If the master node fails, worker nodes continue processing logs but:

  • New agents cannot register

  • Automated responses cannot be executed

  • Configuration changes cannot be synchronized

Plan for master node redundancy or quick failover.

Worker nodes handle log processing Distribute agents across worker nodes to balance processing load. Each worker node processes logs independently and forwards them to Logpoint for storage.

Certificates sync automatically When you configure distributed mode, AgentX automatically synchronizes SSL certificates (rootCA.pem) to all nodes in the cluster. You do not need to manually copy certificates.

Port 1516 must be open Worker nodes communicate with the master node on port 1516. Ensure firewalls allow TCP traffic on this port between all cluster nodes.

hashtag
Next steps

Last updated

Was this helpful?