000026809 - What 'Source Type' to use when configuring Event Source Monitoring in RSA Security Analytics in 10.x

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on Sep 26, 2019
Version 5

Article Content

Article Number: 000026809
Applies To: RSA Product Set: Security Analytics
SA Product/Service Type: Event Source Monitoring
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: EL6
Issue: What "Source Type" to use when configuring Event Source Monitoring in RSA Security Analytics.
Which Source Type should I use when configuring Event Source Monitoring in Security Analytics?
How do I know what to enter for the Source Type when setting up Event Source Monitoring in SA?

As an example, if you are sending syslog messages from a SecurID server to Security Analytics and you want to receive a notification when the SecurID server stops sending messages to Security Analytics (within a specified threshold), then you have to use rsaacesrv as the source type.


In order to check the correct Source Type:

From SA UI --> Administration --> Devices --> LogDecoder --> View --> Stats --> Log Stats

Here you have a list of the Event Source Types.


Notes: For additional information, refer to the RSA Security Analytics documentation entitled Configure Event Monitoring.
Legacy Article ID: a64756