Collector objects in Supercharger correspond directly to the Windows servers where you use Windows Event Collection. To add such a server to Supercharger, simply install the Controller (aka agent) service. See the how-to article. The Master server is always listed as a Collector even though in large environments you may not use it as such.
Controller (aka Agent) Service
The Supercharger controller (aka agent) service reports all status data regarding Windows Event Collection to the manager and processes any commands submitted from the manager or you, the user, through the web interface. Some of the work the Controller handles includes:
- Executes subscription creation, deletion and modification as requested from the manager and web application
- Periodic analysis of local WEC subscriptions
- Performance analysis, including CPU and Events Logged per Second. This data is reflected in near real time and compared to the 7-day peak and average on the collector and subscription tiles of the dashboard. Internally, Supercharger also records these statistics each hour for longer-term analysis, which will be surfaced in future versions.
- Monitors and manages the state of critical services including WinRM and Windows Event Collection. Normally Supercharger ensures the services are always started unless you change the desired state from the Collector’s viewer dialog.
- Enforces Subscription Policy configuration on assigned subscriptions.
- Deletes outdated WEC sources. See Pruning.
- Queries the local Active Directory domain on behalf of the web application and manager
The controller communicates strictly via SQL (TCP 1433) and uses SQL Service Broker functionality to avoid constant polling. The only exception to SQL communication is when a controller learns that the manager has been upgraded; the controller then uses HTTPS or HTTP to download the latest version of the controller installer and proceeds to upgrade itself. If automatic upgrade should fail for any reason you can manually upgrade the controller by following the same method as installation.
From the collector’s viewer dialog you can submit commands to run on demand including:
- Forwarder analysis
- Restart the Controller Service
- Reboot the Collector
- Prune Old WEC Sources
The Supercharger Manager monitors the status of each controller service. If it detects that the controller has not reported in recently, it will alert you to the health status change and reflect it in the status color of the collector’s tile on the dashboard. As with all objects in Supercharger, you can see the reason(s) for a given health status color by opening the controller’s viewer dialog.
If a collector will be down for maintenance or if you prefer Supercharger, for purposes of health monitoring, to ignore a collector you can mark it as “Exclude from health monitoring” on the collector’s viewer dialog.
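When the Manager reports that a controller has stopped checking in, the conditions described above can be spot-checked by hand on the collector. The following PowerShell is an added example, not Supercharger's own code; the function name and the host name `manager.example.internal` are placeholders, and it assumes the manager's SQL Server listens on the TCP 1433 port mentioned above.

```powershell
# Added example: manual spot check of the conditions the controller depends on.
# $ManagerSql is a placeholder for the SQL Server host used by your manager.
function Test-CollectorPrerequisites {
    param(
        [Parameter(Mandatory)] [string] $ManagerSql,
        [int] $SqlPort = 1433   # port stated on this page
    )

    $results = @()

    # WinRM and the Windows Event Collector service (Wecsvc) should be running.
    foreach ($name in 'WinRM', 'Wecsvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Check  = "Service $name"
            Ok     = ($null -ne $svc -and $svc.Status -eq 'Running')
            Detail = if ($svc) { "$($svc.Status), start type $($svc.StartType)" }
                     else { 'service not found' }
        }
    }

    # Controller-to-manager traffic is SQL only, so this port must be reachable.
    $tcp = Test-NetConnection -ComputerName $ManagerSql -Port $SqlPort `
        -WarningAction SilentlyContinue
    $results += [pscustomobject]@{
        Check  = "TCP $SqlPort to $ManagerSql"
        Ok     = [bool]$tcp.TcpTestSucceeded
        Detail = "remote address $($tcp.RemoteAddress)"
    }

    # List local WEC subscriptions; wecutil returns non-zero if it cannot.
    $subs = @(& wecutil.exe es 2>$null | Where-Object { $_ })
    $results += [pscustomobject]@{
        Check  = 'WEC subscriptions enumerable'
        Ok     = ($LASTEXITCODE -eq 0)
        Detail = "$($subs.Count) subscription(s): $($subs -join ', ')"
    }

    $results
}

# Run from an elevated prompt on the collector.
Test-CollectorPrerequisites -ManagerSql 'manager.example.internal' |
    Format-Table -AutoSize
```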