Forum Discussion
Alan_Roper_2049
Sep 21, 2016
Nimbostratus
Thanks for the suggestions. After discussing the issue with the SIEM team, the duplication issue looks to be down to how the collectors receive the logs. If all the logs get to one collector then it can de-dupe them; if logs are received over multiple collectors, that's when the issue occurs. So an initial solution is to see if having the pool members prioritised, so traffic is only forwarded to one collector at a time until the highest priority one fails, will resolve the issue.
Thanks again
Alan