Replicator is a User Datagram Protocol (UDP) forwarder/fanout used to transparently duplicate UDP datagrams to multiple destinations. It simplifies adds, moves, and changes when an additional SIEM or NetFlow collector is introduced into security log management.
Replicator logically sits on the network between UDP metadata-exporting devices (e.g. switches, routers, firewalls) and the products that collect that data. It takes in a single stream, then copies and forwards it to multiple security and management tools such as Scrutinizer, SIEMs, IPSs, and network management tools. This data distribution serves two very important purposes. First, it lets organizations maximize the value of their existing security and network monitoring products. Second, it protects the CPU of the infrastructure devices exporting the data.
Flexible data forwarding
Replicator collects a single stream of UDP traffic from the network infrastructure, then copies and forwards it to multiple destinations. Each stream of UDP data can be forwarded to its own unique set of destinations, providing ultimate flexibility. Replicator can consume syslogs, convert the information to IPFIX, and forward it to Scrutinizer.
Simplify adds, moves, and changes
When organizations acquire new security and network monitoring tools, they simply configure Replicator to forward one more UDP stream of metadata to them. This spares IT from changing the configuration of each switch and router, protects the CPU of the exporter from having to duplicate exported UDP streams, and reduces cost and complexity.
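The per-stream fanout and the "one more destination" change described in the two sections above, as an added Python sketch; it is not Replicator's code, and `Fanout`, `make_udp`, the addresses and the ports are hypothetical. It sends copies from the forwarder's own address, so collectors that key on source IP would see the forwarder rather than the original exporter.

```python
import select
import socket


def make_udp(bind=("127.0.0.1", 0)):
    """Bound UDP socket; port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(bind)
    s.settimeout(2.0)
    return s


class Fanout:
    """One listening socket per inbound stream, each with its own destinations."""

    def __init__(self):
        self.streams = {}  # listen address -> (socket, [destination addresses])

    def add_stream(self, destinations, bind=("127.0.0.1", 0)):
        sock = make_udp(bind)
        self.streams[sock.getsockname()] = (sock, list(destinations))
        return sock.getsockname()

    def add_destination(self, listen_addr, dest):
        # Onboarding a new collector changes only this table, not the exporters.
        self.streams[listen_addr][1].append(dest)

    def pump_once(self, timeout=2.0):
        """Forward one datagram per ready stream; return the number of copies sent."""
        by_sock = {sock: dests for sock, dests in self.streams.values()}
        ready, _, _ = select.select(list(by_sock), [], [], timeout)
        sent = 0
        for sock in ready:
            payload, _exporter = sock.recvfrom(65535)
            for dest in by_sock[sock]:
                try:
                    sock.sendto(payload, dest)  # payload is copied unmodified
                    sent += 1
                except OSError:
                    continue  # one unreachable collector must not starve the rest
        return sent


if __name__ == "__main__":
    fan = Fanout()  # constructed demo: one syslog stream, two local collectors
    print("export to", fan.add_stream([("127.0.0.1", 5514), ("127.0.0.1", 5515)]))
    while True:
        fan.pump_once()
```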
Provide a high availability solution
Replicator is central to delivering a scalable high-availability Scrutinizer deployment.
Prevent hacker obfuscation
When bad actors gain a foothold, they will go to great lengths to cover their tracks by deleting logs and other information. Replicator prevents this obfuscation by transparently distributing those logs and data across many different places. A hacker would need to compromise all of these different databases to delete all the logs.