Sending Windows Logs To XPLG Using An Agent
What is an XPLG Agent?
An agent is an XpoLog instance that has been switched into agent mode.
In agent mode it becomes a thin, simple version of XpoLog that stores no data.
Other regular XpoLog installations (such as an XPLG cluster) can ask the agent for logs and data.
The agent provides those logs and data from sources such as PCs and servers.
With this approach, the XpoLog cluster does not need permissions to communicate directly with every source or to pull information from each of them; it communicates only with the agent.
The agent holds the permissions needed to interact with the sources and deliver the requested information. Because source-level permissions stay with the agent rather than the cluster, this setup improves security and also reduces overall network traffic.
In Which Environments Should We Deploy The Agent?
A Linux-based XpoLog cluster cannot retrieve logs from Windows machines directly.
This limitation does not apply in reverse: Windows can retrieve information from Linux.
As a result, the agent is usually deployed on Windows to bridge this gap.
The Windows XPLG agent can then send the Windows logs to the Linux cluster.
Communication between the agent and the XpoLog cluster takes place over HTTPS.
Flow:
Configure the XpoLog cluster so it can connect to the agent using a dedicated account (Address Book pane).
Configure the agent so it can establish connections with the sources and read their logs when required.
When the XPLG cluster needs to collect or update a log (as defined in the connection policy), it asks the agent to perform the update. The agent, on behalf of the cluster, contacts the source and transmits the data to the cluster.
Note: the agent does not save any log data; it only verifies that the log contains fresh information and sends that information over to the XpoLog cluster.
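The trust boundary described above (the cluster holds only the agent account, the agent holds the source permissions and keeps no copy of the data) as an added, constructed model; this is not XPLG's code, and the class and method names are assumptions made for illustration:

```python
"""Constructed model of the cluster -> agent -> source pull flow.
Not XPLG's code; WindowsSource, Agent and Cluster are illustrative names."""
from dataclasses import dataclass, field


@dataclass
class WindowsSource:
    """A log source that only answers callers holding its credential."""
    credential: str
    lines: list = field(default_factory=list)

    def read_from(self, offset: int, credential: str) -> list:
        if credential != self.credential:
            raise PermissionError("source rejects caller without a valid credential")
        return self.lines[offset:]


class Agent:
    """Thin instance in agent mode: keeps source credentials and a read
    position per log, but never buffers the log content itself."""

    def __init__(self):
        self.sources = {}    # log name -> (source, credential)
        self.positions = {}  # log name -> lines already forwarded

    def add_log(self, name: str, source: WindowsSource, credential: str) -> None:
        self.sources[name] = (source, credential)
        self.positions[name] = 0

    def stored_size(self, name: str) -> int:
        # No content is stored on the agent, so the reported size is always 0.
        return 0

    def fetch_new(self, name: str) -> list:
        """Called by the cluster: contact the source, return only fresh lines."""
        source, credential = self.sources[name]
        fresh = source.read_from(self.positions[name], credential)
        self.positions[name] += len(fresh)
        return fresh


class Cluster:
    """The cluster talks only to the agent; it never sees source credentials."""

    def __init__(self, agent: Agent):
        self.agent = agent
        self.collected = {}  # log name -> every line received so far

    def collect(self, name: str) -> list:
        fresh = self.agent.fetch_new(name)
        self.collected.setdefault(name, []).extend(fresh)
        return fresh
```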
How To Create An Agent Account?
To create an agent account, follow these steps:
Go to the XPLG (Cluster) web interface.
In the left navigation panel, select PortX > Data > Account.
Click the New Account button. Choose Remote XpoLog.
Enter a name and fill in the details under the Account Login Details section.
In the Advanced Settings section, make sure Enable remote configuration synchronization is ticked.
Press Verify. If you see a green success message, click Save. If not, double-check the details or network connectivity.
How To Activate Agent Mode?
To activate agent mode, follow these steps:
Navigate to PortX > Settings > System Settings on the XPLG instance that should become the agent.
Check the Activate Agent Mode option.
Click the Save button to apply changes. The system will automatically reboot.
Once you enable the agent mode, you will see a popup message indicating that some functionality may be disabled and all file sizes will be set to 0.
How To Add Logs From A Remote XPLG Agent?
First, add the logs to the agent using the same methods as for any other log.
Note that the log size will show as 0, because the agent does not store any data.
Next, go to the cluster and add a new log of type 'Remote XpoLog'.
Choose the agent account that you created.
This displays the agent's folders and logs; select the log that the cluster should retrieve from the agent.
Add a new log source to the agent:
Navigate to PortX > Data > Add Data > Local.
Click the Browse button and select the log file.
Click the Add Log button.
Click Save, then Save and Close.
Log in to the cluster:
Go to PortX > Data > Add Data.
Select Add Log and choose the Remote XpoLog and the account you created.
Click the Browse button, select the desired log file, and click Save.
Agent License
We typically apply a more limited license to the agent, since the agent does not need to use all of the XPLG features. Please contact XPLG to obtain the appropriate license.