Exabeam Site CollectorExabeam Site Collector Guide

Uninstall Exabeam Site Collector

It is assumed that logs are being held in queue, log collection or directed to another site collector (on a different host) while the uninstall process is happening. Otherwise, data loss will occur.

To uninstall the site collector, SSH to the host and apply the following command:

sudo ./site-collector-installer.sh -v --uninstall

# Or, uninstall in silent mode
sudo ./site-collector-installer.sh -v --uninstall -a

Uninstall a Legacy Site Collector

Once your Exabeam Site Collector has been established, you can uninstall legacy site collectors. During the uninstall process, there is a risk of data loss if ingest queues are not empty. An automatic uninstall script is available to minimize your risk:

  1. Download the original Exabeam Site Collector installation package, either from

    • Exabeam Community or

    • In Exabeam Data Lake, go to Settings > SaaS Management > SaaS Site Collectors > click the link in Step 1 of Installing the Site Collector.

  2. Place the downloaded in the /tmp directory of the legacy site collector host.

  3. Start a new terminal session using the an account with Administrator rights. Initiate a screen session. This is mandatory and will prevent accidental termination of your session.

    screen -LS [yourname]_[todaysdate]
  4. Go to the /binary directory and make uninstall-legacy-sc.sh executable.

    cd /binary
    chmod +x uninstall-legacy-sc.sh 
  5. Stop ingestion service for the legacy collector.

    sudo systemctl stop exabeam-lms-server
  6. Check for pending messages that need to be uploaded.

    sudo /opt/kafka/bin/kafka-consumer-groups.sh --group gcs --describe —bootstrap-server localhost1:9092 | grep lms.kafka.topic | awk "{ sum+=\$5} END { print sum}"
  7. Run uninstall script from the /binary directory.

    sudo ./uninstall-legacy-sc.sh