About Using Agents with the Log Management Database

Agents deployed to network devices for the purposes of collecting log data must be able to connect to the dedicated database instance used by Log Management as well as the WhatsUp Gold server itself.

If you plan to use the Elasticsearch database installed by WhatsUp Gold

WhatsUp Gold installs the open source version of Elasticsearch which does not support encryption or authentication. If you deploy Agents in this configuration, log data returned to WhatsUp Gold/Elasticsearch will be in plain text and available for interception. Additionally, because no authentication is required, anyone on your network can perform queries against the Elasticsearch database which could potentially be malicious. Users with access could also post incorrect or malicious data.

Warning: Unless you fully understand the risk and know there is no possibility of "bad actors" gaining access to your network where the Elasticsearch database is accessible, running in this configuration is not advised!

If you plan to use an existing instance of Elasticsearch

If you plan to install your own Elasticsearch database instance, it is highly recommended you deploy the standard version which does support encryption and authentication. You also need to ensure the Elasticsearch database is reachable by all devices where an Agent is going to be deployed. This means the host name specified in the Log Management General Settings for the Elasticsearch database is resolvable by all devices where an Agent is deployed just like the Certificate Common Name. For additional information about the Certificate Common Name setting, see About the Certificate Common Name. Additionally, please ensure any firewalls that may exist between Agent devices and the server hosting the Elasticsearch instance permit connections to the Elasticsearch database.

See Also

Important Considerations and Planning for WhatsUp Gold Agent Deployment and Usage