All Collectors must be able to establish outbound connectivity on port
*.endpoint.ingress.rapid7.com and communicate with the domains shown in the Data and Storage (S3) columns of the following table according to your geographic region. For example, for InsightOps subscribers that elect to store their data in Australia, Collectors must be able to communicate with the following endpoints using port
|Region||Data endpoint||Storage (S3 endpoint)|
If you intend to deploy token-based Insight Agents through your Collectors, you also need to allow outbound connectivity from each Collector on port
443 to the endpoint that provides the agent's configuration files. Just like the Data and Storage endpoints in the previous table, you can configure your firewall rules to allow your Collectors to connect to a region-specific version of the Deployment endpoint to meet this requirement:
Setting up the Collector
The following process pairs the Collector installed in your network to Amazon Web Services (AWS), where the InsightOps servers are hosted.
Once you have successfully installed your Collector, you can set up some Event Sources and start monitoring your network.
- Configure firewall/web proxy rules to allow the Collector to reach https://data.insight.rapid7.com and https://s3.amazonaws.com.
- Disable the local firewall.
- From your desktop, go to https://insight.rapid7.com and log in with your InsightOps credentials. If you do not have credentials, please contact Rapid7 Support.
- Download the Collector installer from https://insight.rapid7.com/#/data-collection/.
- Run the installation wizard for your server operations system and follow the instructions.
- Click Activate Collector
- Name the Collector using a Fully Qualified Domain Name (FQDN), such as collector23.myorg.com.
- The FQDN can be local and does not need to be publicly addressable.
- Paste the Agent Key and click Activate.
Configuring a Collector on Linux
The process for installing on Linux follows the same process detailed above, with some altered steps.
- The agent key refers to the activation key, which is written into an .html file.
- To access this key, open the command prompt and execute the following commands:
- These commands will print the contents of the .html file in the command prompt. Find the Activation Key, and use it in place of the Agent Key in InsightIDR.
Deleting a Collector
If you encounter a problem and need to remove a Collector, you must delete it from InsightOps and you must uninstall it from the server or virtual machine where it is installed.
Deleting a Collector from InsightOps
- Click the Data Collection link in the InsightOps menu.
- Click Manage Collectors from the Setup Collector dropdown menu.
- From here click the
Deletebutton of the Collector that you want to delete.
- Enter the name of the Collector you wish to delete and press the confirmation button.
The Collector and all Event Sources assigned to it are removed from the Collectors list. Data from the Event Sources will no longer be ingested in InsightOps.
Deleting a Collector from a Windows system
Open the Start Menu, locate the Insight Platform folder, and then click the Uninstall button.
Note: If you cannot find the Uninstall shortcut, run the uninstall.exe file from the InsightIDR.install4j subdirectory of the destination directory where you installed the Collector.
Deleting a Collector from a Linux system
In Linux, run the uninstall script from the .install4j subdirectory of the destination directory where you installed the Collector.
When the uninstaller finishes, the Collector will no longer available on the server. If you need to set up the Collector again, you can reinstall and reactivate the Collector on the same machine.