Your InsightOps views are populated with user activity data derived from your network logs. If your InsightOps views appear to be incomplete, you may need to check your data sources.
I cannot activate the collector. The activation key does not work.
First, make sure you have the correct activation key. It's located in the AgentKey.html file in the insightidr/agent_key subdirectory of the destination directory where you installed the collector.
If the key is correct, but still does not work, it may have been voided. This can occur if you do not activate the collector immediately after installing it or if you have restarted the server where the collector is installed.
If the activation key has been voided, you will need to uninstall the collector and then reinstall it.
My collector is showing up as inactive on InsightOps.
Try restarting the Collector service. Contact Rapid7 support if restarting does not fix your issue.
- For Linux Collectors, run
service collector restartfrom the command line. On some systems this command may need superuser privileges (
- For Windows collectors, open the Services app and restart the 'Collector' service.
How do I increase the amount of RAM allocated to the collector in environments that require a lot of RAM?
Place a file in the same directory where you installed the collector with the name collector.vmoptions which contains the following line:
where "#" is the number of GB of memory the collector should use. For a 4GB machine, you can
tell the collector to use 3GB of memory by putting
-Xmx3g in the file. For an 8GB machine, you
can tell the collector to take 6GB of memory by saving a collector.vmoptions file in the collector
directory with the line
I have set up an event source using syslog data collection, but the log data is not showing up in InsightOps.
If the collector has a local firewall running, that firewall may be blocking the port you configured for the event source. Check your firewall settings to make sure the device can communicate with the InsightOps collector via the configured port. If firewall settings seem to be correct, try stopping the current event source and configuring a Rapid7 Generic Syslog event source to listen to the same port. If the generic syslog shows EPM, there is a problem with the log format. Contact support for further assistance.
I have an event source that InsightOps does not support. Is there a way for InsightOps to monitor that source?
Use the Rapid7 Generic Syslog event source to upload sample log files that are not supported by any event source in InsightOps. The Development team will work with the sample data to create a new event source in InsightOps. When they are done, you will be notified to delete the Rapid7 Generic Syslog event source and add the new event source to your collector.