Log Collection Deployment: Remote/Local Collectors Configuration Parameters

Document created by RSA Information Design and Development on May 9, 2016Last modified by RSA Information Design and Development on May 4, 2017
Version 6Show Document
  • View in full screen mode
  

This topic introduces the user interface for configuring the Log Collection deployment parameters

The Services Config view is the view on which you maintain all the Log Collection parameters. The tab in which you maintain the deployment parameters referred to in this guide is the Remote/Local Collectors tab:

  • If you are configuring a Local Collector, Security Analytics displays the Remote Collectors tab so that you can configure the Local Collector to pull events from Remote Collectors.
  • If you are configuring a Remote Collector, Security Analytics displays the Local Collectors tab so that you can configure the Remote Collector to push events to a Local Collector.

This topic introduces features of the Services Config view > Remote Collectors/Local Collectors tab

Remote/Local Collectors Tab

If you deploy Remote Collectors, the RSA Security Analytics administrator must configure the method of sending events collected by Remote Collectors to the Local Collector.

To access this tab:

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Log Collector service.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Select the Remote Collectors tab.

The following figure depicts the Remote Collectors tab for a Local Collector that is configured to pull events from a Remote Collector. Security Analytics displays this tab when you have selected a Local Collector in Administration > Services.

Local Collectors Tab for a Remote Collector

To access this tab:

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Log Collector service.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Select the Local Collectors tab.

The following figure depicts a Local Collectors tab for a Remote Collector that is configured to push events to a Local Collector or another Remote Collector.

The following figure depicts the Local Collectors tab for a Remote Collector that is configured to pull events from a Remote Collector. Security Analytics displays this tab when you have selected a Remote Collector in Administration > Services.

VLC_CollTab_Pul.png

Remote Collectors Tab

On a Local Collector, the Remote Collectors panel provides a way to add or delete Remote Collectors from which the Local Collector pulls events.

Remote Collector Panel

                                       
ColumnDescription
Icon-Add.png Displays the Add Source dialog in which you select the Remote Collectors from which you want the Local Collector to pull events.
Icon_Delete_sm.png Deletes the Remote Collector from the Local Collector Remote Collectors panel.
icon-edit.png Displays the Edit Source dialog for the selected Remote Collector.
Checkbox.png Selects Remote Collectors.
NameNames of the Remote Collectors from which the Local Collector currently pulls events.
AddressIP Addresses of the Remote Collectors from which the Local Collector currently pulls events.
CollectionsChoose which collection protocols that the Remote Collector pushes to a Local Collector:
Check Point
File
Netflow
ODBC
Plugins
SDEE
SNMP
VMware
Windows
Windows Legacy
You can select any combination of protocols. If you do not select a protocol, Security Analytics selects all protocols.

Local Collector Tab

On a Remote Collector, the Local Collector panel provides a way to add or delete the Local Collectors to which you want to the Remote Collector to push events.

Select the Destination or Source in the Select Configuration drop-down menu.

  • Destination displays the Add Remote Destination dialog.
  • Source displays the Add Source dialog.

The following table describes the Add Source dialog.

                                   
ColumnDescription
Icon-Add.png Displays the Add Source dialog in which you select the Remote Collectors from which you want the Local Collector to pull events.
Icon_Delete_sm.png Deletes the Remote Collector from the Local Collector Remote Collectors panel.
icon-edit.png Displays the Edit Source dialog for the selected Remote Collector.
Checkbox.png Selects Remote Collectors.
NameNames of the Remote Collectors from which the Local Collector currently pulls events.
AddressIP Addresses of the Remote Collectors from which the Local Collector currently pulls events.

The following table describes the Local Collectors Panel.

                                       
ColumnDescription
Icon-Add.png Displays the Add Remote Destination dialog for the Group that you selected. You add destination Local Collectors for this group to which you want the Remote Collector to push events.
Icon_Delete_sm.png Deletes the destination Log Collector from the group.
 Displays the Edit Remote Destination dialog for the selected destination Local Collector.
Checkbox.png Selects a destination Local Collector.
Destination NameDisplays the name of the destination Local Collector.
AddressDisplays the IP address of the destination Local Collector.
CollectionsChoose which collection protocols that the Local Collector pulls from a Remote Collector:
Check Point
File
Netflow
ODBC
Plugins
SDEE
SNMP
VMware
Windows
Windows Legacy
You can select any combination of protocols. If you do not select a protocol, Security Analytics selects all protocols.

Tasks

Configure Local and Remote Collectors

You are here
Table of Contents > Log Collection Deployment Guide > Reference - Remote/Local Collectors Configuration Parameters Interface

Attachments

    Outcomes