Secure60 Collector
Overview
The Secure60 Collector is a service that ingests data from various log sources and automatically transforms it into the Secure60 Common Information Model (CIM). The collector normalizes and sends this data to your Secure60 Project.
Key Features
- HTTP/S and Syslog endpoints for ingestion
- HTTP polling for data extraction from third-party systems
- 40+ custom integration options (Kafka, AWS S3, Redis, Splunk HEC, Fluent, etc.)
- Automatic field normalization
- Scalable to hundreds of thousands of events per second
- Flexible deployment options (Docker, Cloud-hosted, or bare metal)
- Data Masking and privacy
- Portal-based configuration management
Choose Your Configuration Approach
Secure60 Collector supports two configuration approaches. Choose the path that best fits your needs:
Portal-Based Configuration (Recommended)
Best for: Most users, teams wanting visual management, and those who prefer UI-based configuration.
The recommended approach for most users is to manage collector configuration through the Secure60 Portal. This modern interface provides:
- Collector Groups: Organize and manage multiple collectors
- Collector Profiles: Container-based organization of Log Parsers
- Log Parsers: Match log types and extract valuable context (usernames, IPs, login status, etc.)
- Log Patterns: Automated pattern detection for intelligent log enrichment
- Search Integration: Build parsers directly from search results
- Automatic Configuration Sync: Changes are automatically synchronized to collectors
Manual Configuration
Best for: Advanced users, custom scenarios, and features not yet available in the portal UI.
For advanced features and scenarios not yet available in the portal UI, you can configure collectors using:
- Environment variables (
.envfiles) - YAML configuration files
- Custom transformations
- Direct file-based configuration
Quick Start
Portal-Based Workflow (Recommended)
- Navigate to Integrations → Secure60 Collector → Collectors in your Secure60 Portal
- Create a Collector Group and generate a
.envfile - Deploy the collector using the generated configuration
- Create Collector Profiles and Log Parsers to process your logs
- Assign profiles to collector groups
Read the full Collectors guide →
Manual Configuration Workflow
- Navigate to Integrations → Secure60 Collector in your Secure60 Portal
- Generate a basic
.envfile with your Project ID and token - Deploy the collector
- Configure advanced features via environment variables or YAML files
Read the full Manual Configuration guide →
Deployment
The Secure60 Collector can be deployed using Docker:
docker run -i --name s60-collector \
-p 80:80 -p 443:443 -p 514:514/udp -p 6514:6514 -p 5044:5044 \
--rm -d --env-file .env secure60/s60-collector:1.09
Or using Docker Compose:
services:
s60-collector:
image: "secure60/s60-collector:1.09"
container_name: "s60-collector"
ports:
- "443:443"
- "80:80"
- "514:514/udp"
- "6514:6514"
- "5044:5044"
env_file:
- .env
restart: 'always'
Note: Generate your .env file through the portal (recommended) or manually configure it for advanced scenarios.
Documentation Pages
Collectors Guide →
Portal-based configuration workflow (Recommended)
Complete guide to managing collectors through the Secure60 Portal interface, including Collector Groups, Profiles, Log Parsers, and Log Patterns.
Open Collectors Documentation →
Manual Configuration Guide →
Advanced configuration via files and environment variables
Comprehensive reference for advanced configuration options, including environment variables, YAML files, custom transformations, and all features not yet in the portal UI.
Open Manual Configuration Documentation →
Getting Help
We strongly recommend working with our Integrations team for custom advice and onboarding assistance specific to your organization’s needs.
Contact: integrations@secure60.io
Our integrations team can help with:
- Custom parser development
- Complex log format parsing
- Deployment assistance
- Best practice recommendations
- Advanced configuration scenarios
Back to top