What Collector Agent can do ie. is:
polls: 672, 673, 680, 4768, 4769, 4776, 4624 Event IDs unlike polling from FortiGate limited to 4768, 4769
IP ignore list
RDP logon override
Extensive logging capability for troubleshooting
Scalability - can suit very large environments with DCs around the globe
Various methods of getting logon information
+ Collector Agent does not use FortiGate's hw resources
to name few advantages over polling directly from FortiGate.
Local might be good enough for a smaller office with modest AD environment.
post edited by Alivo_ FTNT - 2020/02/25 00:41:14