DeviceLock Enterprise Server : Consolidating Logs : Getting Started Using the Consolidation of Logs
  
Getting Started Using the Consolidation of Logs
To use the consolidation of logs, an administrator of DeviceLock Enterprise Server first needs to decide which server will be used as the central collection server, and then configure other, remote servers to forward logs to that server.
On every server that is intended to forward logs to the central collection server, the administrator has to configure the log consolidation settings by specifying:
The name of the computer running the central collection DeviceLock Enterprise Server.
The schedule of sending logs to the central collection server.
Which logs to send to the central collection server.
Whether to copy or move log data (in the latter case, the data will be deleted from the remote server).
Whether to limit the network bandwidth utilization for transmitting log data to the central collection server.
When configuring log consolidation, the administrator must also specify the way of authentication between the remote server/s and central collection server. The following authentication options are available:
Certificate (recommended option, see DeviceLock Certificates) - The private key of the certificate must be installed on the central collection server by using the “DeviceLock certificate” parameter in Server Options. The public key of that certificate must be supplied along with the name of the central collection server in the log consolidation settings on the remote server/s.
Another option is to install the private key of the central collection server’s certificate on the remote server/s by using the “DeviceLock certificate” parameter in Server Options. In this case, the public key on the remote server is not required.
Windows account - The Windows service “DeviceLock Enterprise Server” on the central collection server must be running under an account with DeviceLock Enterprise Server administrator rights on the remote server/s.
To view all remote servers that forward their logs to the central server, use the DeviceLock Enterprise Server > Consolidation Servers list in the console connected to the central collection server. This list shows the names of the remote servers, the schedule for sending logs to the central server, the current status of each server, as well as the amount of data transferred to the central collection server.