Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Background

While XpoLog is fully functional as an agentless application, i.e.. you can install it anywhere in the environment and import logs into its platform, it is also possible to install XpoLog as an agent or structure the deployment to several instances for several reasons which are specified below. If you choose to run multiple instances of XpoLog in the environment, it is possible to connect the different instances over HTTP/S (XpoLog to XpoLog).

When should XpoLog to XpoLog usage be considered?

There are several key reasons to consider installing multiple instances of XpoLog to manage an environment:

  • Inaccessible network segments – Sometimes, when logs are collected from multiple network segments, there is no direct access between the location of the centralized XpoLog to other network segments (for instance, different domains in Windows). 
  • Data load balancing (Map Reduce) – In cases where a regular cluster is insufficient, it is possible to manage several XpoLog instances of several separate machines, and each will be managing a selected group of logs, and on top of all instances, there will be an instance which users can access to view all logs from all instances.
  • Keeping main console on Linux in a mixed Linux/Windows environment – In case the main XpoLog instance runs on Linux/Solaris, but there is a need to add logs from Windows machines (Windows event logs, logs on shared locations, Windows machines), it is mandatory to deploy a Windows instance of XpoLog which will be able to manage all logs from Windows machines and connect it to the centralized XpoLog instances.
  • Different data centers – Organizations which manage multiple data centers may consider an XpoLog cluster/instance per data center to get optimized connectivity and performance within each data center and then connect all data centers instances to a centralized XpoLog instance for the users.
  • Need of an agent to collect data – While XpoLog is completely agentless, in cases where there is no available connectivity to the sources with the standard protocols, it is recommended to install XpoLog as an agent on the remote source and collect the data from this source using an XpoLog to XpoLog HTTP/S protocol. The agent is also required for Log Synchronization to collect data from agents into a central repository.

How to install a remote XpoLog?

Remote XpoLog installation is a regular installation , only with select features activated. For example, if the remote XpoLog is used only to collect data and do indexing, Analytics should be disabled on it. In case a Map Reduce / Different data centers deployment is required, the remote XpoLog is fully functional and all its log processing will be done independently. If the remote XpoLog is only used for Log Synchronization then under XpoLog Manager > Settings > General, 'Agent mode' should be checked.

How to connect between XpoLog instances?

In order to connect XpoLog instances and add the remote XpoLog's log to the centralized XpoLog instance, first ensure that there is communication over HTTP/S on the port which is used to run XpoLog between the instances:
  1. Go to XpoLog>Tools>Address Book, and add a remote XpoLog account with all the required details (a user name and password are also required if security is activate on the remote XpoLog).
  2. To add logs which are configured on the remote XpoLog follow information here: Adding Data to the XpoLog PlatformAdding a Log to XpoLog
  3. To use the agent for a LogSync task, see Log Synchronization

 

  • No labels