Background
XpoLog site A intends to retrieve logs from different locations within site B. Due to the company's information security policy, access to site B is restricted. To address this, an agent is employed to gather logs across all sections of site B. XpoLog talks to the agent to extract the logs, ensuring the required access level is maintained.
What is the agent?
An agent is an instance of XpoLog that takes on the role of an agent. When it becomes an agent, it turns into a thin, simple version that doesn't store data. Other regular XpoLog installations (such as an XPLG Cluster) can ask the agent for logs and data, and the agent provides that data and those logs from various sources such as PCs and servers. In this approach, the XpoLog Cluster doesn't require permissions to communicate directly with all sources or to pull information from each source. Instead, it communicates solely with the agent. The agent possesses the necessary permissions to interact with the sources and deliver the required information. This setup enhances security and reduces overall network traffic.
Furthermore, a Linux-based XpoLog cluster is unable to retrieve information from Windows machines. This limitation doesn't apply in reverse; Windows can retrieve information from Linux. As a result, the agent is chosen to be Windows-based in most cases to address this discrepancy (mismatch). Both XpoLog versions, whether Linux-based or Windows-based, are capable of receiving log data from machines running either Linux or Windows. The communication between the agent and the XpoLog cluster occurs over HTTPS/HTTP.
Flow:
We configure the XpoLog cluster to be able to connect to the agent using a special account (address book).
We configure the agent to be able to establish connections with the sources and read logs when necessary.
When the XPLG cluster requires a log to be collected and updated (as defined in the connection policy), the cluster requests the agent to perform this update. The agent, on behalf of the cluster, establishes contact with the source and transmits the data to the cluster. Note: the agent doesn't save any log data; instead, it only verifies that the log contains fresh information and sends it over to the XpoLog Cluster.