Advanced Event Source Settings

Multi-Domain Environments

If your environment has multiple domains, it is prudent to set up a default domain so the Collector knows where to attribute data.

Rapid7 Encryption Certificate

When using TCP to send event source data by syslog, you can also choose to encrypt that data. When configuring an event source, choose TCP under collection methods and select the "Download Certificate" button. The certificate is called Rapid7CA.pem and allows InsightIDR and the event source to "trust" each other during log forwarding.

Rapid7 recommends importing the certificate file on the same machine as the vendor or application you are connecting to InsightIDR as an event source. Use your administrative tool or the vendor's tooling so that the machine ingests the certificate.

Certificate Contents

The certificate file contains two keys: a public key for your organization, and the Rapid7 key, which created the org-key.
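Before importing the file into a trust store, you can confirm that it holds the two entries described above and record a fingerprint for each. The following is an added example, not Rapid7 code: it assumes Rapid7CA.pem uses standard PEM armor (BEGIN/END lines around base64), the function names are hypothetical, and the sample input is constructed placeholder data rather than a real certificate.

```python
import base64
import hashlib
import re

# One armored PEM block of any type; the BEGIN and END labels must match.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def inventory_pem(text):
    """Return (label, sha256 hex of decoded body, decoded length) per block."""
    entries = []
    for label, body in PEM_BLOCK.findall(text):
        # validate=True rejects stray characters instead of skipping them.
        raw = base64.b64decode("".join(body.split()), validate=True)
        entries.append((label, hashlib.sha256(raw).hexdigest(), len(raw)))
    return entries

def check_bundle(text, expected_entries=2):
    """Raise ValueError unless the file holds the expected distinct entries."""
    entries = inventory_pem(text)
    if len(entries) != expected_entries:
        raise ValueError(
            f"expected {expected_entries} PEM entries, found {len(entries)}"
        )
    if len({digest for _, digest, _ in entries}) != len(entries):
        raise ValueError("file contains duplicate entries")
    return entries

def make_pem(label, raw):
    """Armor arbitrary bytes as a PEM block (used only to build the sample)."""
    body = base64.encodebytes(raw).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed sample: placeholder bytes, not real certificates or keys.
SAMPLE = make_pem("CERTIFICATE", b"constructed organization entry") + make_pem(
    "CERTIFICATE", b"constructed Rapid7 entry"
)

if __name__ == "__main__":
    # In practice: check_bundle(open("Rapid7CA.pem").read())
    for label, digest, size in check_bundle(SAMPLE):
        print(f"{label:12} {size:5d} bytes  sha256={digest}")
```

A truncated download (a BEGIN line with no matching END) shows up as a wrong entry count, so the check fails before the file reaches the trust store.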

Inactivity Timeout Threshold

This setting applies only to DHCP and VPN event sources. The Inactivity Timeout Threshold setting allows you to specify, in minutes, how long an event source should be inactive before it enters an error state.

Active Failover Partner

If you have two DHCP servers configured in an active/passive relationship, you can specify the active partner.

Unparsed Logs

Learn about how unparsed logs affect your event source.