Managing Collector feeds

The

You can manage the connections between Analyzer and Collectors on the Administration > Data flow settings > Analyzer & Collectors management page of the

• Monitor the flow of traffic data into the Analyzer on the Status tab:
  
  The Status tab
  

• Configure the Maximum Wait Time on the Analyzer settings tab.
  
  A configurable delay period called Maximum Wait Time defines out of sync. For example, if you set the Maximum Wait Time to 15 minutes, a Collector feed that is more than 15 minutes behind other Collectors is considered out of sync. Additionally,

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  stops pulling data from all

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  s for a maximum of 15 minutes before dropping the delinquent feed and starting to pull data again through other feeds.
  
  The Maximum Wait Time is also used to determine how much historical data is pulled from

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  s after a period of

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  unavailability has ended.

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  components can retain up to 2 hours of historical data.

• Manage the list of associated Collector feeds on the Collector feeds settings tab.
  
  Collector feeds settings tab
  

To add a Collector feed on the Analyzer

1. On the

   The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

   , open the Administration > Data flow settings > Analyzer & Collectors management page.
2. Switch to the Collectors feeds settings tab.
3. On the Action menu, click Add.
4. In the Name and Description text boxes, type a meaningful name and description to identify the

   The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

   that you want to feed data from.
   
   The name and description identify the component throughout the system.
5. In the IP/DNS name box, type the name or IP address (IPv4 only) of the

   The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

   .
6. In the Port box, type the port number used to access the component.
7. Fill in the Username on Collector and Password on Collector boxes with valid credentials to access the component.
8. To accept the Collector's default certificate, select the Allow self-signed certificate check box.
9. To permit this

   The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

   to handle alerts generated by this

   The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

   , select the Accept Alerts from Collector check box.
10. To set the priority of this

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    , in the Priority section, click High or Low. The

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    does not reject data (via sampling) from high-priority feeds.
11. Do one of the following:
    • To feed all traffic that this component collects to the

      The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

      , select Capture all traffic from the Collector.
    • To feed only a specific subset of traffic that this component collects to the

      The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

      , add a filter expression to identify the traffic that you want to capture.
      
      To compose an expression using the Expression Builder, click Build a filter expression.
12. Click Save.

Result

The new

• – Connected
• – Not connected, trying to reconnect
• – Unknown status (for feeds that are turned off)

To turn the feed on immediately, click ON in the row for the Real User Collector.