Log Collection File: Step 4: Verify That File Collection Is Working

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1
 

This topic tells you what to check in Security Analytics to verify that you have configured File Collection correctly.

You need to verify that File Collection has been configured correctly, in order to ensure that it works.

The following procedure explains how you can verify that File collection is working from the Administration > Health & Wellness > Event Source Monitoring tab.

  1. Access the Event Source Monitoring tab from the Administration > Health & Wellness view.
  2. Find the Log Decoder, Event Source, and Event Source Type (for example apache).
  3. Look for activity in the Count column to verify that File collection is accepting events.

The following procedure explains how you can verify that File collection is working from the Investigation > Events view.

  1. Access the Investigation > Events view.
  2. Select the Log Decoder (for example, LD1) collecting File events in the Investigate a Device dialog.
  3. Look for a File event source parser (for example, apache) in the Device Type column to verify that File collection is accepting events.