

What is an XPLG Agent?
An agent is an instance of XpoLog that takes on the role of an agent.
When it becomes an agent, it turns into a thin, simple version that doesn't store data.
Other regular XpoLog installations (such as an XPLG Cluster) can ask the agent for logs and data.
The agent provides those logs and data from various sources, such as PCs and servers.
In this approach, the XpoLog Cluster doesn't require permissions to directly communicate with all sources or pull information from each source. Instead, it communicates solely with the agent.
The agent possesses the necessary permissions to interact with the sources and deliver the required information. This setup enhances security and reduces overall network traffic.



In which environments should we deploy the agent?
A Linux-based XpoLog cluster is unable to retrieve logs from Windows machines directly.
This limitation doesn't apply in reverse; Windows can retrieve information from Linux.
As a result, in most cases the agent is chosen to be Windows-based to address this discrepancy.
The Windows XPLG agent can send those Windows logs to the Linux cluster.
The communication between the agent and the XpoLog cluster occurs over HTTPS/HTTP.

Flow:

  1. We configure the XpoLog cluster to be able to connect to the agent using a special account (address book pane).

  2. We configure the agent to be able to establish connections with sources and read logs when necessary.

  3. When the XPLG cluster needs to collect and update a log (as defined in the connection policy), the cluster requests the agent to perform this update. The agent, on behalf of the cluster, establishes contact with the source and transmits the data to the cluster. Note: The agent doesn't save any log data; instead, it just verifies that the log contains fresh information and sends it over to the XpoLog cluster.
