Falcon Log Collector Manage your Fleet

Falcon Log Collector Data ingest tab provides a set of functionalities which allow you to monitor and manage a fleet of collector instances.

There are two different approaches to managing your fleet, you can either use;

Fleet Management with Remote Configuration Management (recommended method) which allows you to monitor the status of your instances and;
- manage your configuration files using an editor which validates the file as you type,
- reuse configurations across groups of collectors which also means you can roll out a change to multiple instances easily,
- extend configurations
- test out new configurations without impacting log collection.
Fleet Management with Local Configuration files this method allows you to monitor the status of your Falcon Log Collector instances but manage the configuration files manually.

You can also use these pages to perform the steps required work with Falcon Log Collector locally or remotely (using centralized management):

Install Falcon Log Collector
Manage Remote Configurations
Manage Falcon Log Collector Instance Enrollment and configure any required Enrollment Token Options.
View the status of your fleet on the Manage Your Fleet page.
Enable Debug on your Falcon Log Collector Instances.

Figure 7. Fleet Overview

Fleet Management Internal Logging

Internal logging can be enabled and disabled from Fleet Management without having to set environment variables, this means internal logging can be enable/disabled without restarting the Falcon Log Collector and it makes it possible to dynamically change verbosity (internal log level).

Enable Internal Logging

Go to LogScale and click Data Ingest. The Fleet overview page will load with all the Falcon Log Collectors which have been configured for fleet management and/or enrolled in remote config file management.
Click Fleet Overview on the left menu. The page will be displayed with the details listed above. Use the filter boxes to filter by status and/ or the assigned configuration.
Click the ellipsis next to the Falcon Log Collector instance and click Manage Internal Logging
Figure 31. Enable Logging
Click Enable to enable logging.
Click either:
- Send to repository, select the required log level, a repository and an ingest token from the drop down menus and click Save changes.
- Send to different instance, select the instance to send the logs to, the log level and an ingest token.
Figure 32. Send to Repository

Change Internal Logging Settings

Go to LogScale and click Data Ingest. The Fleet overview page will load with all the Falcon Log Collectors which have been configured for fleet management and/or enrolled in remote config file management.
Click Fleet Overview on the left menu. The page will be displayed with the details listed above. Use the filter boxes to filter by status and/ or the assigned configuration.
Click the ellipsis next to the Falcon Log Collector instance and click Manage Internal Logging .
Figure 33. Logging
Click a tab:
- the Disable tab and click Disable to stop logging for the instance selected.
- Send to repository tab to change or set up the details for logging to repository, select the required log level, a repository and an ingest token from the drop down menus and click Save changes.
- Send to different instance tab to change or set up logging to another Falcon LogScale instance, insert the url of the instance to send the logs to, the log level and an ingest token.