Use the Full Enterprise Mode dialog box to enable advanced centralized logging and alert options provided by the KFSensor Collator service.
Before using the features that are enabled in this dialog box, it is well worth reading the section of the KFSensor Administration Guide that describes the Full Enterprise Mode.
This option controls whether Full Enterprise Mode is enabled.
Each KFSensor Sensor installation can be configured to send alerts by email, syslog and by other means. These are sent directly from the KFSensor Sensor machine.
The 'Alerts For Remotes' option enables the Collator service to send alerts for events from any sensor.
This has two main advantages.
If checked, the events reported by the KFSensor on the same machine as the Collator will be logged to the database. Uncheck this if you are not running a sensor on the administration machine.
This option makes it easy to keep the signature rule base on each sensor up to date.
If checked, this option will instruct the Collator service to distribute a copy of the local signature rule base each time it is updated.
As a result, the only signature rule base that needs to be maintained is the one on the KFSensor Administrator machine.
When this option is enabled, the Collator will distribute a copy of the active scenario on the KFSensor Administrator machine to each sensor, replacing its active scenario.
N.B. The scenario will only be distributed to a sensor if its active scenario has the same name as the active scenario on the KFSensor Administrator machine. By default all sensors have 'Main Scenario' as the active scenario, so this will be enabled by default.
So, to disable scenario distribution for just one sensor, simply rename its active scenario.