Do you have feedback on our new interface?
Do you have feedback on our new interface? Let us know HERE
Micro Focus Contributor
Micro Focus Contributor
137 views

What architecture used when collecting from over 1000 windows servers using WUC / WEC

I'm looking to collect logs from over 2000 Windows servers.  At the moment when I use either the WUC or WEC the ratio is 10 servers -> 1 WUC/WEC server Physical or virtual.  This solution is not feasible within the network being that would be 200 additional VM / physical servers.  Could somone share another solution / archtecture that would work better in my current environment? 

 

Thank you

0 Likes
2 Replies
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: What architecture used when collecting from over 1000 windows servers using WUC / WEC

I would use the Windows Native Connector (WiNC) instead of the Unified Connector (WUC). WEC typically is used to refer to a Windows Event Collector which would be a Windows server that has been configured as a destination server for Windows Event Forwarding (WEF). With WEF you can configure servers to send select events to the WEC and then use your WiNC to collect the logs from the WEC. This allows you to collect logs from multiple servers through a single collection point and the WEF can be configured through group policy. You can subscribe to specific event ID's  or ranges which make the event collection much more efficient. WUC by contrast pulls the entire log file and connects to each server which you must add to the hosts table.

WiNC in combination with WEF will make your event collection more scalable.

0 Likes
Outstanding Contributor.. EricLamer Outstanding Contributor..
Outstanding Contributor..

Re: What architecture used when collecting from over 1000 windows servers using WUC / WEC

I would also use 2 subscriptions on the WEC and split the servers in 2, that way you can use 2 WINC connectors and it would be probably better.  Having too many logs in just one subscription can cause pulling lag.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.