Exabeam Site Collector
The Exabeam Site Collector is an application that securely and efficiently uploads event data to Exabeam SaaS services in the Exabeam Security Operations Platform.
At a high level, the Exabeam Site Collector collects messages; transfers, persists, and uploads data; and connects to the Exabeam Security Operations Platform.
The Exabeam Site Collector is the managed entry point for logs to be routed to other processing tools, such as Exabeam Advanced Analytics, Exabeam Data Lake, Exabeam Incident Responder, and Exabeam Case Manager in the Exabeam Security Management Platform. Site collectors gather logs from external servers, systems, data centers, or Exabeam collectors (including Windows, File, and GZip).
The site collector routes collected logs to the Exabeam Security Management Platform. It continuously queues and uploads logs, and it manages the forwarding rate and message backlog. Data is encrypted and compressed in transmission and while at rest in the Exabeam Security Operations Platform. A persistent connection to the Exabeam Security Operations Platform allows the site collector to connect to your assets, such as Active Directory for context and authentication, API access for log repositories, and any Incident Responder actions.
You can deploy multiple site collectors as your log volume and sources grow. You can deploy them in any network, data center or virtual private cloud (VPC) as required. All SaaS service log data is collected via API using the Exabeam Security Operations Platform. See Install Exabeam Site Collector for prerequisites and restrictions.
Important
For information on configuring agent-based or server-side collectors, refer to the Exabeam Data Lake Collector Guide.