A Distributed Collector, also called Logpoint Collector, collects, normalizes, and forwards logs to a remote Logpoint. The remote Logpoint then configures the sources and storage locations for the logs. Since Logpoint Collector is used only to collect and forward logs, it does not contain the Dashboard, Search, and Report sections. Before configuring a Logpoint Collector, you must enable Open Door in the remote Logpoint. For details, see the Open Door section.
Log in to the Logpoint you want to add as a Collector.
go to Settings >> System Settings from the navigation bar and click System Settings.
Click Modes of Operation.
Enable Is this LogPoint Collector Installation?.
Enable Buffering to store data locally during network disruptions and have access to it once the network is restored.
Click Save.
Go to Settings >> Configuration from the navigation bar and click Remote Logpoint.
Enter the IP address or DNS Name of the remote Logpoint.
Enter the Password and Private IP provided while enabling Open Door.
Click Submit.
You can find the Logpoint Collector listed under Settings >> Configuration >> Distributed Collector in the remote Logpoint.
Remote Logpoint Distributed Collector¶
To determine the devices from which a Distributor Collector collects logs, you need to add devices in the remote Logpoint.
To add a device:
In the remote Logpoint, go to Settings >> Configuration from the navigation bar and click Devices.
At the top-left, click ADD.
Adding Distributed Collector¶
Enter Name, Device Address(es), Device Groups, and Log Collection Policy.
In Distributed Collector, enter the Logpoint Collector’s name.
Select your Time Zone.
Click Submit.
For more details, go to Adding a Device.
To view the added devices, go to View Devices in the Logpoint Collector.
Viewing Devices¶
Note
To identify the logs collected and normalized through a Logpoint Collector, use the system-defined field collected_at in the search query.