Configuring Log Processors

Overview

This page covers the prerequisites for deploying Log Processors, how to configure them, and the steps to add both primary and additional Log Processors.

Pre-requisites

Before adding a Log Processor, ensure the following basic requirements are met:

• At least one Log Processor node of the same version is available and running.
  NOTE

  If the primary server has multiple network interfaces, follow these steps to select the interface for cluster communication.

  • In your account, navigate to Settings tab.
  • Under System Settings, select Connection Settings.

    

  • Click Advanced, and in the Bind Address dropdown select the appropriate network interface (IP address) that the new Log Processor will use to connect to the primary server.

    

  • Click Save Settings.
• A common database is configured.
• A shared storage location is configured for:
  • Archive policies

    NOTE The archive policy location must be changed from a local path to a shared storage location or S3.

  • Elasticsearch archive data
  • Communication across processors
• Existing archive ZIP files are moved from local storage to the newly configured shared path.

Configuring pre-requisites

1. Log in to your account.
2. Go to the Settings tab.
3. Under Admin Settings, navigate to Enterprise Essentials and select Log Processors.
4. Click Add Log Processor.

   

5. In the setup window that appears, click Proceed to begin the configuration.
   NOTE

   1. Review all the steps shown in the pop-up window carefully and ensure they are completed before clicking Proceed.
   2. Verify that the Server Name, port, and Administrator credentials of the Log360 instance are entered accurately, as these details are mandatory for integrating the log processor with the main processor cluster.

   

   To proceed with adding a Log Processor, the following prerequisites must be configured:

6. A common database must be configured.

   NOTE Refer to this help document to configure the common database.

7. A shared storage location must be set up for communication across processors.
   • Click Configure next to the prerequisite to open the shared storage setup window.

     

   • Enter the shared storage location that is accessible and available to all Log Processors to prevent disruptions in data processing.

     

   • Enter the username and password.

     

   • Click Verify Credentials to validate access.

     

   • Once verified, click Save to complete the configuration.

     

   • After configuration, select Update to modify the shared storage path or credentials.

     

   • Select Update to save the changes.

     

8. A shared storage location must be set up for the Elasticsearch archive.

   NOTE The product uses the configured shared storage path to store data that exceeds the Elasticsearch retention period. Ensure the path is accessible to all Log Processors. If the storage is unavailable, it can affect archiving and log retrieval.

   For Windows systems:

   • Click Configure next to the prerequisite to open the Elasticsearch Archive Data Path window.

     

   • Select the checkbox if existing data has been manually moved to the shared location.

     NOTE If you have existing data under <Log360 _HOME >\ES\archive, move that data to the same shared path before configuring. If there's no existing data, you can directly enter a new shared location.

   • Enter the location path to the shared archive directory.

     

   • Enter the Username and Password.
   • Click Verify Credentials to validate access
   • Click Save to complete the configuration.
   • After completing the configuration, click Update to modify the shared storage path for the Elasticsearch archive, if needed.

   For Linux systems:

   • Click Configure next to the prerequisite to open the Elasticsearch Archive Data Path window.
   • Select the checkbox if existing data has been manually moved to the shared location.

     NOTE If you have existing data under \ES\archive, move that data to the same shared path before configuring. If there's no existing data, you can directly enter a new shared location.

   • Enter the location path to the shared archive directory.
   • Select the Auth Type from the dropdown menu: NFS or SMB.
   • In case of SMB, enter the Username and Password required to access the shared storage.

     NOTE In case of NFS, credentials are not required.

     

   • Click Save to complete the configuration.
   • After completing the configuration, click Update to modify the shared storage path for the Elasticsearch archive, if needed.
9. The archive ZIP location must be set to a shared path, not a local one.

   NOTE If the archive ZIP location is already configured to a shared path or S3, you can skip the steps below. If not, follow the steps to update the configuration.

   • Click Configure next to the prerequisite to open the Archive Settings window.

     

   • Under Archive ZIP Location, choose Shared, and enter the shared network path.

     NOTE For each archive policy, the archive ZIP location must be set to a shared path or S3.

   • Click Save to apply all configured settings.

     

   • After completing the configuration, click Update to modify the shared storage path for the archive ZIP, if needed.

     NOTE If local storage was previously used for archiving, any existing archive ZIP files must be moved manually to the configured shared path.

10. Any existing archive ZIP files must be moved from local storage to the shared path.
    • Click Configure next to the prerequisite.
    • In the Archive Data - Update Paths window, select the checkbox Existing archives have been manually moved to the shared storage location only if the archive files have been manually transferred to the shared path.

      

    • In the Old archive location dropdown, select the previous archive path.
    • In the Archives moved location field, enter the shared storage path where the archive files were moved.

      NOTE The number of file entries is shown beside the old and new archive paths. Ensure they match to confirm a successful migration.

      

    • Click Update to apply the changes.
    • After completing the configuration, click Update to modify the shared storage path for existing ZIP files, if needed.

Adding a primary processor

Once the prerequisites are configured, follow the steps below to add a new Log Processor:

1. In the Add Log Processor window, fill in the following:
   • Server URL: Choose the protocol (HTTP/HTTPS), enter the server name, and port.
   • Enter the Admin Username and Admin Password for the Log Processor.
2. Click Configure to complete the setup.

   NOTE The primary Log Processor, usually the first one added cannot be deleted.

   

   NOTE The Log Processor server will restart automatically and be added to the Log Processor cluster. Once restarted, the Log Processor will be fully configured and ready for log processing.

Adding additional Log Processors

1. In your account, go to the Settings tab and select Admin.
2. Navigate to Enterprise Essentials and select Log Processor.
3. In the top-right corner, click Add Log Processor.

   

4. In the Add Log Processor window, fill in the following:
   • Server URL: Choose the protocol (HTTP/HTTPS), enter the server name, and port.
   • Enter the Admin Username and Admin Password for the Log Processor.
5. Click the Advanced Settings dropdown for additional configuration options.

   

   NOTE When adding a Log Processor, you can only enable or disable existing roles using the Advanced Settings. Refer to this section to add and manage custom roles.

6. In the Associated Roles field, use the drop-down to select the roles you want this Log Processor to handle.
   • Default roles include: Processing Engine, Correlation Engine, and Kafka Engine, and more.
   • Custom roles include: Log Forwarding, Alerts, and more.

   NOTE Only the selected roles will be assigned to the Log Processor.

   

7. To disable a role, uncheck the box next to the role you wish to disable.

   

8. In the confirmation pop-up window that appears, click Disable to confirm.

   

9. Click Configure to add the Log Processor.

   

Read also:

This document explained how to configure Log Processors. For a complete overview of architecture and management, refer to the following articles:

• Overview
• Managing Log Processors