View Site Collector Error Notifications
The Exabeam Security Operations Platform displays error notifications, as well as notifications for time-sensitive security and health issues, for Site Collectors in the user interface so that you can monitor the status and health of your collectors. For more information, see Notifications.
The Exabeam Security Operations Platform notifications service provides:
- Precise error messages with metadata for consistent, clear, and actionable notifications
- Configurability to minimize notification noise
- Filters for improved notification management
- Inbox for enhanced notification review
- Additional external messaging channels
View Notifications for Site Collectors
The Exabeam Security Operations Platform notifications service includes error notifications about the Site Collectors service. To view the collector notifications, click the notifications icon.
Site Collector notifications are generated when an error occurs in log ingestion or log volume for any Site Collector or collector instance.
To view notifications about Site Collector errors:
Log in to the Exabeam Security Operations Platform and click the Notifications icon in the upper right corner.
Click the Applications filter and select Cloud and Site Collectors.
The notifications relevant for Cloud and Site Collectors are listed.
To view error details, click the Site Collectors link in the error notification.
The specific collector instance displays error details.
Scroll down to view full details of the error and the recommended action to resolve the error.
For the notification types Inactive Site Collector and Silent Log Source, error details are displayed as follows.
By default, these notifications are received in the application, but you can also choose to receive them via email. For more information, see Manage Notification Preferences.
To configure group notification delivery via Teams, Slack, or webhooks, see Manage Global Notification Preferences.
The following table displays the available collector notification types.
| Notification Type | Description |
| --- | --- |
| Collector Error | Indicates cloud or site collector specific errors. |
| | Indicates that log volume has decreased. |
| | Indicates that there is an increase in log volume. |
| Site Collector Instance Certificate Expiration | Indicates that the security certificate has expired or may expire in two weeks. |
| Inactive Site Collector | Indicates that the collector instance has not collected any logs in the past four hours. |
Filter Notifications
To view notifications based on categories, applications, and severities for site collectors, apply relevant filters.
- Categories
- Applications
- Severities
Manage Preferences for Notifications
You can manage which notifications you see. Depending on what you want to appear in the Your Notifications pane, you can turn notification types on or off, such as notifications for collector errors or for collector volume. To view the Personal delivery preferences page and set preferences for notifications on collector errors, click the Settings icon.
View Inbox for Notification Review
To view the site collector notifications received over the last 90 days, click the Inbox icon. You can view the number of notifications classified as Critical, Warning, and Informational. You can apply filters to the notifications based on your preferences and requirements, and you can search for a particular notification. For more information, see View Inbox.