Log Collection Config: The Basics

Document created by RSA Information Design and Development Employee on May 9, 2016Last modified by RSA Information Design and Development Employee on May 4, 2017
Version 6Show Document
  • View in full screen mode

This topics describes the configuration process and illustrates how to perform this configuration using the Security Analytics user Interface.

Log Collection Configuration

After you deploy Log Collection, you must configure the parameters for each log collector service running locally or remotely. You perform this configuration in the Log Collection Configuration views for service.

Configuration Parameter Interface

In the Security Analytics menu, select Administration > Services.

In the Services grid, select the log collector service you want to configure.

In the toolbar, select View > Config.

Click the General tab to review the high-level system parameters and enable or disable the automatic start of collection protocols.

Click the Remote Collectors/Local Collectors tab to configure the method of sending events collected by Remote Collectors to the Local Collector.

Click the Files tab to edit service configuration files for the Log Decoder as text files.

Click the Event Sources tab to configure parameters for supported collection protocols.

Click the Settings tab to configure the lockbox and manage certificates.

Click the Appliance Service Configuration tab to review the statistics for the Log Decoder host.

Next Topic:Procedures
You are here
Table of Contents > Log Collection Configuration Guide > The Basics