Windows Event Forwarding redundancy and fault tolerance



Is there any documentation on fault tolerance design options for Windows Event Forwarding?
For example Windows clients forwarding to two Windows Event Collectors. If the event collectors are sending events to a SIEM via an agent how are duplicate events managed?
On the other hand what settings are recommended for Windows clients to cache events in the case that their only Windows Event Collector goes offline?
What are the recommended settings for the Windows Event Collectors in the case that the SIEM agent crashes on the WEC or the link from the agent to the SIEM Collector/aggregator goes down?
Tamas Lengyel

EdwardM4 - 2/18/2021
Is there any documentation on fault tolerance design options for Windows Event Forwarding? For example Windows clients forwarding to two Windows Event Collectors. If the event collectors are sending events to a SIEM via an agent how are duplicate events managed? On the other hand what settings are recommended for Windows clients to cache events in the case that their only Windows Event Collector goes offline? What are the recommended settings for the Windows Event Collectors in the case that the SIEM agent crashes on the WEC or the link from the agent to the SIEM Collector/aggregator goes down?

We have a new article about how to handle high availability with Supercharger.

https://support.logbinder.com/SuperchargerKB/50235/High-Availability-with-Supercharger
