Supported Exabeam Site Collector Changes
For a list of all options, use site-collector-installer.sh --help.
Below are supported changes you can make. For other changes, please contact your Exabeam Technical Account Manager.
Operating System updates
Site Collector server IP changes
After the server's IP address has changed, update the following line in this file, replacing MYIP with the new address:
/opt/kafka/config/server.properties
advertised.listeners=EXTERNAL_PLAINTEXT://MYIP:9092, EXTERNAL_SSL://MYIP:9093, INTERNAL_SSL://localhost:9094
Then, restart Kafka:
sudo systemctl restart kafka
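One way to script the IP change above, as an added example that is not Exabeam's own tooling. The helper names update_advertised_ip and current_listeners are hypothetical, the sample file is constructed, and the addresses are documentation-range placeholders.

```sh
#!/bin/sh
# Added example: rewrite only the EXTERNAL_* hosts in advertised.listeners.
# update_advertised_ip and current_listeners are hypothetical helpers.

update_advertised_ip() {
    props="$1"    # path to server.properties
    new_ip="$2"   # new Site Collector IPv4 address

    [ -f "$props" ] || { echo "no such file: $props" >&2; return 1; }

    # Accept only a dotted-quad IPv4 address with every octet in 0-255.
    printf '%s\n' "$new_ip" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    ' || { echo "invalid IPv4 address: $new_ip" >&2; return 2; }

    # Refuse to guess when the key is missing or defined more than once.
    count=$(grep -c '^advertised\.listeners=' "$props") || true
    [ "$count" -eq 1 ] || { echo "expected 1 advertised.listeners line, found $count" >&2; return 3; }

    # Keep a backup so the previous listeners can be restored.
    cp -p "$props" "$props.bak" || return 4

    # Replace the host on EXTERNAL_* listeners; INTERNAL_SSL://localhost is left alone.
    sed -E "/^advertised\.listeners=/ s#(EXTERNAL_[A-Z_]+://)[^:,[:space:]]+#\1${new_ip}#g" \
        "$props.bak" > "$props"
}

current_listeners() {
    grep '^advertised\.listeners=' "$1"
}

# Demo on a constructed copy, not the live /opt/kafka/config/server.properties.
demo=$(mktemp)
printf '%s\n' 'advertised.listeners=EXTERNAL_PLAINTEXT://198.51.100.7:9092, EXTERNAL_SSL://198.51.100.7:9093, INTERNAL_SSL://localhost:9094' > "$demo"
update_advertised_ip "$demo" 192.0.2.10 && current_listeners "$demo"
rm -f "$demo" "$demo.bak"
```

Compare the file with its .bak copy before restarting Kafka; the restart step itself is unchanged from the procedure above.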
Log retention change (default is 24 hours)
Edit the following line in this file:
/opt/kafka/config/server.properties
log.retention.hours=24
Then, restart Kafka:
sudo systemctl restart kafka
RAM allocation to Logstash
Edit the following lines in this file:
/opt/logstash/config/jvm.options
-Xms16g
-Xmx16g
Then, restart Logstash:
sudo systemctl restart logstash
RAM allocation to Kafka
Edit the numbers before the 'G' in this file:
/opt/kafka/bin/kafka-server-start.sh
export KAFKA_HEAP_OPTS="-Xmx5G -Xms5G"
Then, restart Kafka:
sudo systemctl restart kafka