maheshcapj
Sep 15, 2021 (Copper Contributor)
MCAS log ingestion deployment modes (Log collector vs MDE)
Hello techies, hope you are all doing well and keeping safe during these unprecedented times!! I have a couple of queries regarding log deployment modes. Please help me understand. As part of ...
JaredPoeppelman
Dec 03, 2021 (Former Employee)
1. MDE is superior in ease of deployment and pretty much every other way but is not available for every network device, like IoT devices for one example. Log collectors can receive syslog data from virtually any network firewall or web proxy device, so that can cover any host.
2. When using both (MDE and log collectors), you may also get duplicate data for MDE clients going through a network device that is also sending logs to the collector. The only current solution for de-duplication is to simply view the individual reports, instead of the all-up report containing both datasets.
3. I cannot answer your specific questions, but if you are unable to get your log collectors working following our guidance, please contact support.