000026809 - What 'Source Type' to use when configuring Event Source Monitoring in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000026809
Applies ToRSA Security Analytics
RSA Security Analytics Event Source Monitoring
IssueWhat "Source Type" to use when configuring  Event Source Monitoring in RSA Security Analytics.
Which Source Type should I use when configuring Event Source Monitoring in Security Analytics?
How do I know what to enter for the Source Type when setting up Event Source Monitoring in SA?
Resolution

As an example, if you are sending syslog messages from  a SecurID server to Security Analytics and you want to receive a notification when the SecurID server stops sending messages
to Security Analytics (within a specified threshold) then you have to use rsaacesrv as the source type.


 

In order to check the correct Source Type:
From SA UI --> Administration --> Devices --> LogDecoder --> View --> Stats --> Log Stats
Here you have a list of the Event Source Types.

NotesFor additional information, refer to the RSA Security Analytics documentation entitled Configure Event Monitoring.
Legacy Article IDa64756

Attachments

    Outcomes