Skip to main content

Collectors

Adding a Collector

Fluency appliances use a Server/Collector model to collect and process data.

Login to the Fluency Cloud portal: https://(companyname).cloud.fluencysecurity.com.

Collectors are managed in the Collector section under the Configuration section of the menu.

Adding a Remote Collector is a two-step process that requires configuration on both the Server and the Collector appliance.

On the Server side, an unique Token is generated for the Collector through the Web interface. On the Collector side, this Token, as well as the hostname or IP address of the Server appliance, must be entered into the appliance via a local Terminal or SSH, as Collector appliances do not have their own web interface and are managed exclusively through the Server appliance after initial setup.

On the Collector configuration page, click the "+ COLLECTOR" button.

Give this Remote Collector appliance a unique name, along with a brief description. This name is used in communication between the Server and Collector appliance(s) via the FSL (Fluency Secured Link). Press "+ ADD" when finished.

A Remote collector is added. Notice that the status indicator is grey. This is expected, as the Collector appliance is yet to be configured.

Make a note of the unique Token that is shown for a particular Collector. It will be needed for configuration on the Collector side, in the next step.

Note: A Fluency Server appliance can support multiple Remote collectors.

Event Import Configuration

Event Import on the Collector side is configured on a per-collector basis, and once a Collector is configured/connected with the server, it is accessed through the "CONFIG" button (GEAR icon) on the rightmost column ("Action") of the Collector table.

Syslog Event import can be enabled on a specified port for both TCP and UDP. Select the desired options and click the "+ ADD PORT CONFIGURATION" button.

Repeat to add another entry if desired.

Note: Fluency appliance has the ability to accept and parse a variety of input formats (within the Syslog protocol). It is possible that your particular device provides output in a format that Fluency can already use. When exporting data from your device, choose the JSON (preferred) or CEF formats for export whenever possible.

Page last updated: 2023 Aug 05 14:57:37 EDT