This topic describes the parameters in the Syslog Event Sources view.
Caution: Do not configure Syslog Collection for Local Log Collectors. You only need to configure Syslog Collection for Remote Collectors.
To access the Event Sources tab for a remote log collector:
- In the Security Analytics menu, select Administration > Services.
- In the Services grid, select a Log Collector service.
- Click under Actions and select View > Config.
- In the Log Collector Event Sources tab, select Syslog/Config from the drop-down menu.
The Syslog/Config view in the Event Sources tab has two panels: Event Categories and Sources.
Event Categories Panel
In the Event Categories panel, you can add or delete the appropriate event source types.
Available Event Source Types Dialog
The Available Event Source Types dialog displays the list of supported event source types.
Use this panel to review, add, modify, and delete event sources and their parameters for the event source type you selected in the Event Categories panel.
The following table provides descriptions of the toolbar options.
Add or Modify Sources Dialog
In this dialog, you add or modify an event source for the selected event source type.
|Source Parameters||Lists the parameters populated with the default values. Enter or modify the appropriate values.|
|Cancel||Closes the dialog without adding an event source or saving the parameter values for the selected event source.|
|OK||In the Add Sources dialog, adds the event source and its parameters. In the Edit Source dialog, applies the parameter value changes for the selected event source.|
The following table provides descriptions of the source parameters.
|Port*||Default port is 514.|
|Enabled||Select the check box to enable the event source configuration to start collection. The check box is selected by default.|
|Maximum Receivers||Maximum number of receiver resources used to process collected syslog events. The default value is 2.|
|Inflight Publish Log Threshold||Sets a threshold at which Security Analytics generates a log message to help you resolve event flow issues. The threshold is the size of the syslog event messages currently flowing from the event source to Security Analytics.|
Valid values are:
|Event Filter||Select a filter. Please refer to Configure Syslog Event Filters for Remote Collector for instructions on how to define filters.|
Caution: Only enable debugging (set this parameter to "On" or "Verbose") if you have a problem with an event source and you need to investigate this problem. Enabling debugging will adversely affect the performance of the Log Collector.
Enables/disables debug logging for the event source.
Valid values are:
This parameter is designed to debug and monitor isolated event source collection issues. The debug logging is verbose, so limit the number of event sources to minimize performance impact.
|Cancel||Closes the dialog without adding an event source type.|
|OK||Adds the parameters for the event source.|