Decoder: Configure a Log Decoder to Accept Protobuf

Document created by RSA Information Design and Development on Apr 21, 2016
Version 1Show Document
  • View in full screen mode
 
  

This topic describes the method for configuring a Log Decoder to accept logs in protobuf (Protocol Buffer) format.

There are occasions when you want to analyze log files that are in protobuf (Protocol Buffer) format.

Procedure

To import a log file to a Log Decoder:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Log Decoder in the Service grid, and select  Actions menu cropped > View > Explore.
    The Explorer view for the Log Decoder is displayed.
  3. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/
    tcpconnector/config

    Your screen should look similar to the following.
    protobufCfg01.png
  4. For the send-protobuf field, select false, and change the value to true.
  5. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/tcpconnector/
    config/connector/channel/tcp
    and change the port value to 50202.
  6. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/tcpconnector/
    config/connector/event
    and change the following parameters:
    • Clear the delimiter field
    • Change format to %text%
You are here: Additional Procedures > Configure a Log Decoder to Accept Protobuf

Attachments

    Outcomes