- Exabeam Site Collector
- Exabeam Site Collector Network Ports
- Exabeam Site Collector Specifications
- Install Exabeam Site Collector
- Upgrade Exabeam Site Collector
- Advanced Exabeam Site Collector Customizations
- Supported Exabeam Site Collector Changes
- Configure Transport Layer Security (TLS) Syslog Ingestion
- Direct Kafka Input to Exabeam Site Collector
- Add a Secondary Syslog Destination
- Remove a Syslog Destination
- Filter Incoming Syslog Events in Exabeam Site Collector
- Filtering Outbound Logs in Exabeam Site Collector
- Metadata Collected by Site Collector and Supported Agents
- Add OpenVPN After Exabeam Site Collector Installation
- Supported Exabeam Site Collector Changes
- Troubleshoot for Exabeam Site Collector
- Scenario 1: Collector or its status does not appear in the console and no logs reach destination
- Scenario 2: Collector is healthy but no logs are transmitted or received
- Scenario 3: Exabeam Advanced Analyticsunable to pull LDAP data
- Scenario 4: Kafka Google Cloud Storage (GCS) collectors have not appeared on Data Lake
- Scenario 5: If logs are not uploaded to GCS where logs are not on Data Lake
- Scenario 6: Unable to accept incoming syslog, active directory context, Splunk logs, or Incident Responder integrations
- Scenario 7: Cannot send after transport endpoint shutdown
- Scenario 8: Too many arguments in command /tools/config.parser.sh
- Other scenarios
- Capture Site Collector Diagnostics Using Exabeam Support Package
- Install and Upgrade Exabeam Site Collector for On-premises and Legacy Deployments
- Prerequisites
- Install Site Collector for Exabeam Data Lake On-premises Deployments
- Installing Site Collector for Exabeam Advanced Analytics On-premises Deployments
- Upgrade Site Collector for Exabeam Data Lake On-premises Deployments
- Upgrade Site Collector for Exabeam Advanced Analytics On-premises Deployments
- Uninstall Exabeam Site Collector
- Migrate to the New Scale Site Collectors Service
- A. Glossary of Terms
Uninstall Exabeam Site Collector
It is assumed that logs are being held in queue, log collection, or directed to another site collector (on a different host) while the uninstall process is happening. Otherwise, data loss will occur.
To uninstall the site collector, SSH to the host and apply the following command:
sudo ./site-collector-installer.sh -v --uninstall # Or, uninstall in silent mode sudo ./site-collector-installer.sh -v --uninstall -a
Note
After a site collector is uninstalled, it may continue to be listed on the Collector Management page in the Data Lake application until it has been inactive for 15 days. If a record of the collector is still displayed on the page after 15 days, it can be manually removed. For more information, see Remove an Uninstalled Collector from the Collector Management Page.
Remove an Uninstalled Collector from the Collector Management Page
After a log collector is uninstalled, it may continue to be listed on the Collector Management page until it has been inactive for 15 days. If a record of the collector is still displayed on the page after 15 days, it can be manually removed.
Note
This procedure does not uninstall or deactivate collectors. It should only be carried out on collectors that have already been uninstalled for more than 15 days.
Navigate to Settings > Collector Management > Collectors.
Select the checkbox for the collector that you want to remove.
From the Actions drop-down menu, click Remove.
From the Remove Collectors dialog, click Remove.
If the collector has been uninstalled for more than 15 days, the collector is removed from the Collectors Management page. If the collector has not been uninstalled for more than 15 days, the following message displays: "The agent cannot be removed at this time because it has been active within the last 15 days."