This guide tells you how to configure File collection protocol which collects events from log files. The Event sources for this protocol generate log files that are transferred using a secure file transfer method to the Log Collector service.
How File Collection Works
The Log Collector service collects events from log files. Event sources generate log files that are transferred using a secure file transfer method to the Log Decoder host running the Log Collector service.
Configure File Collection Protocol in Security Analytics
You configure the Log Collector to use File collection for an event source in the Event Source tab of the Log Collector parameter view. The following figure depicts the basic workflow for configuring an event source for File Collection in Security Analytics. Please refer to:
- Step 1. Configure File Event Sources in Security Analytics for step-by-step instructions on how to configure events sources in Security Analytics that use the File Collection protocol.
- File Collection: Configuration Parameters for a detailed description of each File Collection Protocol parameter.
1. Access the Services view.
4. Click the Event Sources tab.
5. Select Fileas the collection protocol and select
6. Click and select and event source type (for example,
apache) as the event source category.
The event source category is part of the content you downloaded from LIVE.
Configure Event Sources to Use File Collection Protocol
You need to configure each event source that uses the File Collection protocol to communicate with Security Analytics (see Step 2. Configure File Event Sources to Send Events to Security Analytics).