- 1) Download the actual version of the RuSIEM agent for Windows from the 'Sources' section
- 2) Install the RuSIEM agent for Windows
You can install the agent by running the msi package directly on the source, or use the Replicator utility for remote deployment. The Replicator utility can also be downloaded in the web interface section "Sources".
- 3) Configure the management server for agent
The managing server tells the agent where to get the settings from and where it will be controlled from.
The management server is indicated to the agent:
- when running the msi package in the case of a custom installation
- editing the agent file C:\Program Files\Rusiem\LogAgent.config
- remotely using the utility RuSIEM Replicator
Edit the file C:\Program Files\Rusiem\LogAgent.config
<add key="AdminUrl" value="https://rusiem.com/api/v1/remote/encrypt/agent" />
<add key="AdminUrl" value="https://you_server_ip/api/v1/remote/encrypt/agent" />
where you_server_ip - RuSIEM/RvSIEM server your installation.
- 4) Restart agent service
- 5) Assign collection sources from the web console to the agent
If the agent is configured successfully, it will appear in the server web console.
The agent can collect simultaneously both locally and remotely from multiple sources using an agentless method. For remote collection, you must first create a predefined account for collection in Settings->Accounts for data collect section in the web interface and then use it by selecting in the settings when specifying the source of collection.
ANY SOURCE. ANY DATA. ANY CASES. ONE RUSIEM.