When Do I Need SECagent?
The short answer is that the SECagent is not required unless the system or device you need to monitor is unable to send events using one of the numerous protocols typically used by network management platforms. Most network and security devices as well as Linux/Unix systems are typically able to send events; however, most other environments are not. If one of these protocols is available to send events, then SECcollector is able to receive these real-time events directly. Otherwise, SECagent is needed.