
Collectors

Adding a Collector

Fluency appliances use a Server / Collector model to collect and process data. Collectors are managed in the “Collector” section under the “Configuration” section of the menu. Adding a Remote Collector is a two-step process that requires configuration on both the Server and the Collector appliance.

On the Server side, a unique Token is generated for the Collector through the Web interface. On the Collector side, this Token, as well as the hostname or IP address of the Server appliance, must be entered into the appliance via a local Terminal or SSH, as Collector appliances do not have their own web interface and are managed exclusively through the Server appliance after initial setup.

On the Collector configuration page, click the “+ COLLECTOR” button.

Give this Remote Collector appliance a unique name, along with a brief description. This name is used in communication between the Server and Collector appliance(s) via the FSL (Fluency Secured Link). Press “+ ADD” when finished.

The Remote Collector is now added. Notice that the status indicator is “RED”. This is expected, as the Collector appliance has yet to be configured.

A Fluency Server appliance can support multiple Remote collectors.

Make a note of the unique Token that is shown for a particular Collector. It will be needed for configuration on the Collector side, in the next step.

Event Import Configuration

Fluency will parse and correlate imported event data with network traffic data. The parsed event will be merged into the corresponding metaflow record, so the user can search/review all associated information from one location.


Event Import is configured on a per-collector basis. Once a Collector is configured and connected with the Server, its Event Import settings are accessed through the “CONFIG” button.


Syslog Event import can be enabled on a specified port for both TCP and UDP. Select the desired options and click the “+ ADD” button. Repeat to add another entry if desired.

NOTE: A corresponding Firewall rule for the specified port should be opened. Refer to the section on Firewall Configuration for more information.

The Fluency appliance can accept and parse a variety of input formats (within the Syslog protocol, for instance). It is possible that your particular device provides output in a format that Fluency can already use. When exporting data from your device, choose the JSON (preferred) or CEF formats for export whenever possible.
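To check a newly added Syslog import entry and its firewall rule, the following added example (not Fluency's own code) builds one CEF and one JSON test event, wraps each in a syslog header, and sends it over UDP and TCP. The Collector address, port, hostnames, field names and the RFC 5424 header layout are assumptions; substitute the values and format your deployment uses.

```python
import json
import socket
from datetime import datetime, timezone

def cef_header(value):
    # CEF header fields: backslash and pipe must be escaped.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def cef_ext(value):
    # CEF extension values: escape backslash and '=', fold newlines.
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def build_cef(vendor, product, version, sig_id, name, severity, ext):
    head = "|".join(cef_header(f) for f in
                    (vendor, product, version, sig_id, name, severity))
    body = " ".join(f"{k}={cef_ext(v)}" for k, v in ext.items())
    return f"CEF:0|{head}|{body}"

def syslog_frame(msg, hostname, app, facility=16, severity=6, when=None):
    # RFC 5424 layout: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    pri = facility * 8 + severity          # local0.info -> 134
    return f"<{pri}>1 {when:%Y-%m-%dT%H:%M:%SZ} {hostname} {app} - - - {msg}"

def send_syslog(frame, host, port, proto="udp", timeout=3.0):
    data = frame.encode("utf-8")
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (host, port))   # no delivery confirmation
    else:
        # TCP syslog, newline-terminated (RFC 6587 non-transparent framing).
        # A refused or timed-out connect usually means the firewall rule
        # or the import entry for this port is missing.
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(data + b"\n")
    return len(data)

if __name__ == "__main__":
    COLLECTOR, PORT = "192.0.2.10", 514    # placeholders: your Collector and port
    events = [  # constructed sample events
        build_cef("ExampleVendor", "ExampleFW", "1.0", "100", "import test", 3,
                  {"src": "10.0.0.5", "dst": "10.0.0.9", "msg": "k=v test"}),
        json.dumps({"event": "import test", "src": "10.0.0.5", "dst": "10.0.0.9"}),
    ]
    for proto in ("udp", "tcp"):
        for ev in events:
            print(proto, send_syslog(syslog_frame(ev, "testhost", "probe"), COLLECTOR, PORT, proto))
```

A successful UDP send only means the datagram left the sender, so confirm on the Server that the test events arrived.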

