If you have determined that you require a local collector then follow the steps below to learn what you need to get started, create configure and download a local collector from the Samurai application and ensure it is working as expected.
- Take a moment to understand what you need to get started
- Create, configure and download a Collector
- Install a Collector
- Validate Collector Status
- Collector Status Notifications
- What's next?
- Deleting a Collector
What you need to get started
- Access to the Samurai application and your specific tenant
- A hypervisor to run the virtual machine, for example VMware vSphere or Microsoft Hyper-V
- View virtual machine requirements below
- Ensure to make any necessary updates to comply with the collectors connectivity requirements
- A static IP address for the collector and DNS server IP addresses unless you decide to use DHCP
- Access to your products to make necessary changes outlined within the relevant integration guide
Minimum Virtual Machine Requirements
The following machine requirements will support up to 15K events per second (EPS).
Connectivity required for the Collector
The collector requires connectivity to resources outlined within the table below, you may need to update your security controls e.g firewall to allow this connectivity.
|All regular backend communication, telemetry|
|Used for remote administration of collector (this is not mandatory and used when troubleshooting)|
Client infrastructure (NTP server(s)) if configured in Samurai app
|DNS||UDP||53||Collector||Client infrastructure (DNS server(s)) or external DNS servers (based on your collector configuration)||Domain name resolution|
|Ubuntu updates||TCP||80, 443||Collector||archive.ubuntu.com||Ubuntu software repository|
*.docker.com (private container registry)
docker.io (private container registry)*.docker.io (private container registry)
|Private container registry|
|Amazon Cloud dependencies||
|Amazon CDN used by Collector API|
|Amazon Cloud storage (this is not mandatory and used when troubleshooting)|
(based on product - see Integration guide)
|Frequent data transfer (based on product)|
Create, Configure and Download a Collector
1. From your Samurai application tenant, select Telemetry > Collectors in the main menu
2. Select Create Collector
3. Complete the fields as required.
|Name||A nickname for the collector
|Description (Optional)||A description of your collector, this could be the property name where installed
|Location (Optional)||Useful if you have collectors in multiple locations
|Hostname||A hostname for your collector
|Proxy Server IP (Optional)||Optional HTTP proxy IP address
|NTP Servers (Optional)||Input your own NTP server IP addresses|
|DHCP or Static||Determine whether the collector will use DHCP or specify your own static IP address and network information|
4. Select Create Collector once you have completed all relevant fields
5) Select the Collector you created by clicking the Name used in Step 2
6) Select Download
- The files you need to download are based on your Hypervisor. The options available for download are:
- iso - configuration file for your collector, this file is always required
- ova - virtual machine that the collector will run (includes disk image) for VMware
- vmdk - disk image (not needed if using the ova)
- vhdx - virtual hard disk format used for Hyper-V
7) Download the iso configuration file and also the relevant file needed for your hypervisor.
Note: if you are creating multiple collectors, you only need to download the ova file once and can use it multiple times, the important file per collector is the configuration file (iso).
Install a Collector
Based on your hypervisor follow the relevant section:
Follow the documentation from VMware:
- When asked to provide a virtual machine name, we suggest samurai-nttsh-collector
- Be sure to select the .ova file you downloaded when asked for the file to deploy your virtual machine from.
Once complete follow the VMware article to configure a datastore ISO file
- Be sure to select the .iso file you downloaded when asked to select file
The VM is now ready to be powered on.
Note: the .iso file must be mounted at first boot to configure the Collector. Once you have validated the Collector status is Healthy in the Samurai application you must ensure the .iso is dismounted.
Follow the documentation from Microsoft:
- When asked to provide a virtual machine name, we suggest samurai-nttsh-collector
- Use the Virtual Machine Requirements when configuring memory and network
- When asked to Connect Virtual Hard Disk ensure to use the .vhdx file you previously downloaded
- For Installation Options ensure you use the .iso file you previously downloaded
Once you have completed setup of your Collector you should ensure it is running and validate the status within the Samurai application, upon initial setup this can take a little while.
Validate Collector Status
1) Select Telemetry > Collectors from the left-hand menu
2) Select the relevant Collector from the presented list
3) View Status
|Offline||Collector created but not online|
||Collector has been online but no longer available
|Healthy||Collector deployed and deployed add on components (including) Integrations and/or Evidence Fetchers)|
|Not-Healthy||Component(s) deployed on the Collector not healthy|
|Provisioning||Collector is in setup|
After you provision a Collector VM and start it, it will go through a process of installing updates and modules specified in the configuration ISO file which you downloaded. The time taken for this process is dependent on factors like the speed of the hardware you are running the Collector on and connectivity to the repositories that it downloads updates from. In some cases this process can take around 30 minutes.
The Collector may show as "Offline" during the initial provisioning steps. This is not any cause for alarm.
If you have any problems, please submit a request via the Samurai Help Center!
Collector Status Notifications
Samurai will send email notifications to registered application users should your Local Collector status change from Healthy to Not-Healthy or Unavailable. Once any issues have been resolved, you will also be notified again when a Healthy status is reached.
If your Local Collector be restarted, during final startup you may notice the Status change from Healthy to Not-Healthy, this is not cause for alarm as this typically occurs for a short period of time as processes restart. Once complete your Local Collector status will be displayed as Healthy.
You should now have a collector running within your environment!
The next step is to start configuring integrations which will allow us to start receiving your telemetry data.
Select Integrations Overview for more information on integrations and where to start.
If you require high availability for your collector, this can be achieved using the capabilities of your virtualization platform.
Deleting a Collector
If you delete a local collector it cannot be reversed! In addition, all of your integrations related to the local collector will also be deleted!
If you need to delete a local collector you can do so by following the steps below:
- From your Samurai application select Telemetry > Collectors
- Find the relevant collector from your list
- On the right hand side of the relevant collector, click on (more options) and select Delete Collector
- The following warning will appear: 'Warning: This is a destructive action and cannot be reversed.'. To ensure you intended to delete the collector you will need to type in the 'Collector Name' and select Delete Collector
Replacing a Collector
If for some reason a Local Collector VM is lost due to corruption or damage, such as in the case of a major disk storage failure, you may need to replace your Collector. If this happens, you will need to delete the old Collector in the Samurai UI, discard your old Collector VM image and then create a new Collector using the process described to Install a Collector.
- If you need to replace a Collector VM, you cannot re-download the installer ISO for an existing Collector and redeploy it. You must delete the old Collector and replace it with a new one.
- You can re-use the same IP address as your old Collector. This allows you to replace a Collector without re-configuring any log sources which were sending logs to the old Collector.
- When replacing a Collector, any Integrations which were automatically detected and attached to the original Collector will be automatically detected and attached to the new Collector.
- Once you have created the new Collector, you will need to add any Integrations which you were previously using and which you had to previously manually add to the old Collector.
Article is closed for comments.