All Collectors must be able to reach out to port 443 to: https://endpoint.ingress.rapid7.com (US) or https://eu.endpoint.ingress.rapid7.com (EMEA). If your firewall or web proxy restricts outbound connections, you must grant permission for the Collector to be able to connect to the backend servers. Customers who prefer data to be hosted outside the United States can chose to host their data in our AWS Germany (Frankfurt) cloud need to be able to reach https://eu.data.insight.rapid7.com and https://s3.eu-central-1.amazonaws.com.
Setting up the Collector
The following process pairs the Collector installed in your network to Amazon Web Services (AWS), where the InsightOps servers are hosted.
Once you have successfully installed your Collector, you can set up some Event Sources and start monitoring your network.
- Configure firewall/web proxy rules to allow the Collector to reach https://data.insight.rapid7.com and https://s3.amazonaws.com.
- Disable the local firewall.
- From your desktop, go to https://insight.rapid7.com and log in with your InsightOps credentials. If you do not have credentials, please contact Rapid7 Support.
- Download the Collector installer from https://insight.rapid7.com/#/data-collection/.
- Run the installation wizard for your server operations system and follow the instructions.
- Click Activate Collector
- Name the Collector using a Fully Qualified Domain Name (FQDN), such as collector23.myorg.com.
- The FQDN can be local and does not need to be publicly addressable.
- Paste the Agent Key and click Activate.
Configuring a Collector on Linux
The process for installing on Linux follows the same process detailed above, with some altered steps.
- The agent key refers to the activation key, which is written into an .html file.
- To access this key, open the command prompt and execute the following commands:
- These commands will print the contents of the .html file in the command prompt. Find the Activation Key, and use it in place of the Agent Key in InsightIDR.
Deleting a Collector
If you encounter a problem and need to remove a Collector, you must delete it from InsightOps and you must uninstall it from the server or virtual machine where it is installed.
Deleting a Collector from InsightOps
- Click the Data Collection link in the InsightOps menu.
- Click Manage Collectors from the Setup Collector dropdown menu.
- From here click the
Deletebutton of the Collector that you want to delete.
- Enter the name of the Collector you wish to delete and press the confirmation button.
The Collector and all Event Sources assigned to it are removed from the Collectors list. Data from the Event Sources will no longer be ingested in InsightOps.
Deleting a Collector from a Windows system
Open the Start Menu, locate the Insight Platform folder, and then click the Uninstall button.
Note: If you cannot find the Uninstall shortcut, run the uninstall.exe file from the InsightIDR.install4j subdirectory of the destination directory where you installed the Collector.
Deleting a Collector from a Linux system
In Linux, run the uninstall script from the .install4j subdirectory of the destination directory where you installed the Collector.
When the uninstaller finishes, the Collector will no longer available on the server. If you need to set up the Collector again, you can reinstall and reactivate the Collector on the same machine.