Skip to main content
Skip table of contents

Log Sources and Agents

Log sources can be moved from one active agent to another. State information is centrally managed, in addition to being stored locally. Usually, the state files do not need to be manually moved from the current Agent to the new Agent.

Log Sources can be moved via the Client Console under the following conditions:

  • The current Agent can be any version.
  • The new Agent must be version 6.0 or newer.
  • If log sources are moved while both the source and target agents are running, there may be some data duplication as overlapping of logs could be collected. The overlapping should be limited to one MaxMsgCount.

Supported with centralized state:

  • UDLA
  • 2003/XP Event Log (local/remote)
  • 2008/2008R2/Vista Event Log (local/remote)
  • SDEE
  • Qualys
  • Nessus
  • Metasploit
  • Retina & RetinaCS
  • eStreamer
  • Nexpose
  • NetApp Event Log

Not supported with centralized state:

  • Check Point
  • Flat file Sources
  • Syslog
  • NetFlow
  • IPFIX
  • J-Flow
  • SNMP Traps
  • sFlow
  • Other System Message Sources (FIM, UAM, NCM, PM, DLD)
  • *NIX
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close