Log Collection Event Sources Tab

Document created by RSA Information Design and Development on Jul 23, 2016. Last modified by RSA Information Design and Development on Sep 14, 2016.
Version 4

This topic introduces the service configuration parameters available on the Event Sources tab of the Log Collection service Config view.

Use the Event Sources tab of the Log Collector service Config view to configure the AWS (CloudTrail), Check Point, File, ODBC, SDEE, SNMP, Syslog, VMware, Windows, and Windows Legacy event sources.

To access the Log Collection Event Sources Tab:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Under Actions, click the Actions menu icon and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Click the Event Sources tab.

Features

The File/Config view in the Event Sources tab has two panels: Event Categories and Sources.

Event Source Types Menu

The Log Collector Event Sources tab has a two-box, drop-down menu in which you select the collection protocol and any supporting parameters for that protocol.

In the left box, you select one of the following protocols: Check Point, File, ODBC, Plugins, SDEE, SNMP, VMware, Windows, and Windows Legacy.

In the right box, you select:

  • Config to configure the generic event source parameters for the type you selected in the left drop-down. All generic Config panels have a toolbar with these options:
    • Add, Edit, and Delete
    • Import (also Import Source, Import DSN)
    • Export (also Export Source, Export DSN)
  • For ODBC, SNMP, and Windows only:
    • For ODBC, DSNs to configure
    • For SNMP, SNMP v3 User Manager
    • For Windows, Kerberos Realm Configuration
  • For Syslog on Remote Collectors only, Syslog, Filters

Selecting an option displays a configuration panel where you configure the collection parameters for the event source. The configuration panels are slightly different for different event sources and are described separately.

The following drop-down menu has the configuration parameters selected for Check Point.

(Screenshot: SelectProtocolDropDown.PNG)
