1 Reply Latest reply on Aug 20, 2015 5:44 AM by Peter M

    Setup ELM HA between two different Sites

    reddy

      SIEM_HA_Design.jpg

      Currently the setup is like in the above diagram in which we have around 20+ Windows Servers and 300+ Syslog devices in the environment. In the setup we are using ERC -1250 Model appliances and ESM, ELM are setup as virtual machines. All are running on 9.5.0 MR4.

       

      Following are my inquiries:

       

           Site 1 - Active

           Site 2 - Active

          Note :This design has a draw back of both ERC's polling windows servers for event logs, this would put extra load on the network and as well as the Windows Servers.

         

           1 How to introduce one ELM into this setup ??

           2 Can I migrate ELM from one SITE to the other with the same database ??

           3 In case of network failure how to achieve data logging Synchronization between the two sites ??

       

      Need advice.