Windows Legacy Collection: Step 2. Configure Event Sources in SA

Document created by RSA Information Design and Development on May 9, 2016
Last modified by RSA Information Design and Development on May 4, 2017
Version 6

This topic tells you how to configure Windows Legacy event sources in Security Analytics.

The Windows Legacy collection protocol collects event data from Windows 2003 or earlier event sources, and from NetApp event sources.

After completing this procedure, you will have:

  • Configured a Windows Legacy event source.
  • Modified a Windows Legacy event source.

Prerequisites

Before you configure a Windows Legacy event source, make sure that you have:

  1. Installed the Security Analytics Windows Legacy Remote Collector on a physical or virtual Windows 2008 64-bit server.
  2. Added this Windows Legacy Remote Collector to Security Analytics.

Procedures

Add a Windows Legacy Event Source

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Windows Legacy Log Collector service.
  3. In the toolbar, select View > Config > Event Sources.
  4. In the Event Sources tab, select one of the following options from the drop-down menu.

    • Windows Legacy/Windows.
    • Windows Legacy/NetApp.
  5. Configure the alias:

    1. Click the Add icon in the Event Categories panel toolbar.
      The Add Source dialog is displayed.
    2. Specify values for the parameters and click OK.
      The newly added Windows event source type is displayed in the Event Categories panel.
  6. Add the event source:
    1. Select the new alias in the Event Categories panel and click the Add icon in the Source panel toolbar.
      The Add Source dialog is displayed.
    2. Specify values for the event source parameters and click OK.
      The newly added Windows event source is displayed in the Event Categories panel.

Modify a Windows Legacy Event Source

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. In the Actions drop-down, select View > Config.
  4. In the Event Sources tab, select one of the following options from the drop-down menu.

    • Windows Legacy/Windows.
    • Windows Legacy/NetApp.
  5. Modify the source parameters.
    1. In the Event Categories panel, select a source and click the Edit icon.
      The Edit Domain dialog is displayed.
    2. Modify the source parameters that require changes and click Save.
  6. Modify the event source parameters.
    1. In the Source panel, select an event source and click the Edit icon.
      The Edit Source dialog is displayed.
    2. Modify the event source parameters that require changes and click Save.
      Security Analytics applies the parameter changes to the selected host.

Parameters

References - Windows Legacy and NetApp Collection Configuration Parameters
