Home
Remote Collector
Installation Guide
Information and resources on how to install a Remote Collector, and the different options and settings available.
Deployment
Configure CA-based certificates
The certificates installed by default in the Guardian and the Remote Collector are self-signed, but, if necessary, it is also possible to use certificates signed with a certificate authority (CA).

Remote Collector
- Introduction
  An overview of the Remote Collector.
- Installation Guide
  Information and resources on how to install a Remote Collector, and the different options and settings available.
  - Introduction
  - Physical installation
  - Virtual installation
  - Container installation
  - Basic configuration
  - Additional settings
  - Deployment
    - Connect a Remote Collector to Guardian
      Once you have configured a remote Collector, you can connect it to a Guardian. You configure a Remote Collector through a terminal secure shell (SSH) or console.
    - Configure the Remote Collector
      To configure a Remote Collector, use the terminal (secure shell (SSH) or console).
    - Set the time zone
      To set the time zone of the sensor, edit the /data/cfg/n2os.conf.user file.
    - Enable bandwidth throttling
      You can specify the maximum amount of allowed traffic to limit the bandwidth that a sensor's management port has at its disposal (for access and updates).
    - Enable multiplexing
      In addition to a primary Guardian, Remote Collectors can multiplex traffic to a set of secondary Guardians. Each Guardian receives the same traffic information from the Remote Collector.
    - Configure the site name and description
      You can set a site name and description for a Remote Collector to help identify it.
    - Set the compression strategy from a shell console
      You can set a compression strategy to compress the traffic that the Remote Collector generates.
    - Set the compression strategy from Guardian or CMC
      Setting a compression strategy lets you compress traffic that the Remote Collector generates.
    - Enable traffic forwarding
      The previous steps enable the Remote Collector to communicate with the Guardian sensor, but traffic forwarding requires the two to exchange the certificates required for encrypting the sniffed traffic being forwarded.
    - Configure CA-based certificates
      The certificates installed by default in the Guardian and the Remote Collector are self-signed, but, if necessary, it is also possible to use certificates signed with a certificate authority (CA).
    - Disable a Remote Collector
      You can disable Remote Collectors that are not in-use to make your environment more secure.
  - Compatibility Reference
  - Federal Information Processing Standards
- Troubleshooting
  Troubleshooting procedures to help you solve problems that might occur with the Remote Collector.
- Print format documentation
  A list of all the print-format documentation that is available for the Remote Collector.

Configure CA-based certificates

The certificates installed by default in the Guardian and the Remote Collector are self-signed, but, if necessary, it is also possible to use certificates signed with a certificate authority (CA).

Normally a certificate chain that has a Root CA and several Intermediate CAs are used to sign a leaf certificate. If you want to follow this approach, then do this procedure, which you have to do for both the Guardian and the Remote Collector sensors.

Put a leaf certificate/key pairs under /data/ssl/https_nozomi.crt and /data/ssl/https_nozomi.key
The certificate installs in the sensor.
Put the certificate chain under /data/ssl/trusted_nozomi.crt
The certificate chain installs in the sensor. Any certificate signed with the chain is now accepted as valid.