Exabeam Site CollectorExabeam Site Collector Guide

Table of Contents

Uninstall Exabeam Site Collector

It is assumed that logs are being held in queue, log collection or directed to another site collector (on a different host) while the uninstall process is happening. Otherwise, data loss will occur.

To uninstall the site collector, SSH to the host and apply the following command:

sudo ./site-collector-installer.sh -v --uninstall

# Or, uninstall in silent mode
sudo ./site-collector-installer.sh -v --uninstall -a

Uninstall a Legacy Site Collector

Once your Exabeam Site Collector has been established, you can uninstall legacy site collectors. During the uninstall process, there is a risk of data loss if ingest queues are not empty. An automatic uninstall script is available to minimize your risk:

  1. Download the original Exabeam Site Collector installation package, either from

    • Exabeam Community or

    • In Exabeam Data Lake, go to Settings > SaaS Management > SaaS Site Collectors > click the link in Step 1 of Installing the Site Collector.

  2. Place the downloaded in the /tmp directory of the legacy site collector host.

  3. Start a new terminal session using the an account with Administrator rights. Initiate a screen session. This is mandatory and will prevent accidental termination of your session.

    screen -LS [yourname]_[todaysdate]
  4. Go to the /binary directory and make uninstall-legacy-sc.sh executable.

    cd /binary
    chmod +x uninstall-legacy-sc.sh 
  5. Stop ingestion service for the legacy collector.

    sudo systemctl stop exabeam-lms-server
  6. Check for pending messages that need to be uploaded.

    sudo /opt/kafka/bin/kafka-consumer-groups.sh --group gcs --describe —bootstrap-server localhost1:9092 | grep lms.kafka.topic | awk "{ sum+=\$5} END { print sum}"
  7. Run uninstall script from the /binary directory.

    sudo ./uninstall-legacy-sc.sh