Complete the steps provided here to rotate the Insight certificates on the nodes in the Audit Store cluster. Complete the steps for one of the two scenarios: a single-node cluster where nodes have still to be added to the cluster, or a multi-node cluster where nodes are already added to the cluster.
The Log Forwarder collects logs from the protectors and forwards them to Insight. Insight stores the logs in the Audit Store. If the Audit Store is not reachable due to network issues, then the Log Forwarder caches the undelivered logs locally on the hard disk.
Complete these steps after updating the domain name for the system. This is important when the td-agent is used for sending logs to Insight and the external SIEM over TLS. These steps update the bind key in the INPUT_forward_external.conf file with the updated domain name.
Update the configurations on the ESA after updating the IP address of the ESA machine.
Update the ESA configuration after updating the host name or domain name of the ESA machine.
Certificates must be rotated in certain cases, such as when the certificates expire or become invalid. If the ESA Management and Web Services certificates are rotated, then the Insight certificates must be rotated. Complete the steps provided here to rotate custom Insight certificates on the nodes in the Audit Store cluster. Complete the steps for one of the two scenarios: a single-node cluster where nodes have still to be added to the cluster, or a multi-node cluster where the nodes are already added to the cluster.
When the ESA is removed from the Audit Store cluster, the td-agent service is stopped, the indexes for the node are removed, and the node is detached from the Audit Store cluster. The ports to the node are closed.