Two log collectors can be configured for high availability to reduce the risk of data loss. In your environment, configure one device as the primary active node and the other as the secondary backup node. If the primary node goes offline, the secondary node becomes active.
Note:
- High availability is supported on physical and virtual sensors for log collection.
- After you configure high availability, syslog still listens on both the original device management IP address and the new virtual IP address.
These resources are required:
- Two activated log collectors
- A unique Virtual Router Redundancy Protocol (VRRP) ID
- An available virtual IP for the cluster
- Both devices of the same type in the same environment
These actions are required:
- Contact your Concierge Security® Team (CST) to make sure that your log sources are configured correctly.
- Connect to the serial console. For more information, see Connect to the serial console.
- On the main task screen, on the management interface, select Configure high availability for log collection, and then select Next.
- At the prompt Please select an option for high availability for log collection, select Enable.
- Select Next.
- In the VRRP router ID field, enter a unique VRRP router ID between 1 and 255 for the cluster, and then press Tab.
- In the Virtual IP field, enter a unique IPv4 address for the cluster, and then press Tab.
Note:
- The VRRP IP address must be different from the two management IP addresses of the cluster's nodes.
- This is the IP address that is assigned to collect forwarded syslog events.
- Check your firewall to make sure that the IP address that you configure as a virtual IP address is not already assigned to another device.
- Choose an IP address that is in the same subnet as the management IP address of the log collector.
- In the Priority field, enter the priority for the cluster node, and then select Next.
Note: Arctic Wolf recommends 110 for the primary cluster node and 90 for the secondary cluster node.
Applying configuration displays.
- Configure syslog forwarding on your log sources to send log data to the new virtual IP address.
Note: If you use AD Sensor and NXLog, Arctic Wolf recommends reconfiguring them to send log data to the new virtual IP address. Contact your CST for assistance.
After you have completed the high availability configuration, contact your Arctic Wolf Concierge Security® Team (CST) to confirm that the configuration was successful.
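The following pre-flight check is an added example, not Arctic Wolf code. It validates a planned VRRP router ID, virtual IP, and priority pair against the constraints listed in the notes above before you enter them at the serial console. The function name, the `used_vrids` inventory, and the sample addresses are assumptions; the rule that the primary priority must be the higher one follows standard VRRP election and the recommended 110/90 values.

```python
import ipaddress


def check_ha_plan(vrid, virtual_ip, mgmt_cidrs, priorities, used_vrids=()):
    """Return a list of problems with a planned HA cluster (empty list = OK).

    mgmt_cidrs: management address of each node as "a.b.c.d/len", primary first.
    priorities: priority of each node, primary first.
    used_vrids: VRRP IDs already used on the segment (hypothetical inventory).
    """
    problems = []
    if not 1 <= vrid <= 255:
        problems.append("VRRP router ID must be between 1 and 255")
    elif vrid in used_vrids:
        problems.append("VRRP router ID is not unique on this segment")
    try:
        vip = ipaddress.IPv4Address(virtual_ip)
        nodes = [ipaddress.IPv4Interface(c) for c in mgmt_cidrs]
    except ValueError as exc:  # covers bad addresses and bad netmasks
        return problems + [f"invalid IPv4 input: {exc}"]
    if vip in [n.ip for n in nodes]:
        problems.append("virtual IP equals a node's management IP")
    # A set of networks: nodes on different subnets both get checked.
    for net in sorted({n.network for n in nodes}):
        if vip not in net:
            problems.append(f"virtual IP is outside management subnet {net}")
        elif net.prefixlen < 31 and vip in (net.network_address,
                                            net.broadcast_address):
            problems.append(f"virtual IP is not a usable host address in {net}")
    primary, secondary = priorities
    if primary <= secondary:  # assumption: higher VRRP priority becomes active
        problems.append("primary priority must be higher than secondary")
    return problems


# Constructed sample plans using documentation addresses (not from the page).
NODES = ["192.0.2.10/24", "192.0.2.11/24"]
GOOD = check_ha_plan(51, "192.0.2.50", NODES, (110, 90))
BAD = check_ha_plan(300, "192.0.2.10", NODES, (90, 110))

if __name__ == "__main__":
    print("good plan:", GOOD or "no problems")
    for problem in BAD:
        print("bad plan:", problem)
```

The check cannot tell whether another device already holds the virtual IP, so the firewall lookup described in the note is still required.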