Log Collection GS: Step 4: Configure Collection Protocols and Event Sources

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

You configure the Log Collector to collect event data from your event sources in the Event Sources tab of the Log Collection parameter view.  

Configure a Collection Protocol

Return toProcedures

The following figure shows the basic workflow for configuring an event source in Security Analytics.  Each event source has different parameters so you must to refer to guides for the event source you are configuring for all the instructions.

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Log Collection service.
  3. Click under Actions and select View > Config to display the Log Collection configuration parameter tabs.
    ConfigFileProtocol1.png
  4. Click the Event Sources tab.
  5. Select a collection protocol (for example, File) and select Config.
  6. Click and select an event source category (for example, apache).
    The event source category is part of the content you downloaded from LIVE.
  7. Select the newly added category (for example, apache).
    Click .
  8. Specify the basic parameters required for the event source.
  9. Click and specify additional parameters that enhance how the protocol handles event collection for the event source.

Individual Collection Protocol Guides

The following guides provide detailed instructions on how to configure the collection protocols and their associated event sources in Security Analytics.  Each guide includes an index to configuration instructions for the event sources supported for that collection protocol.

This topic contains a table that with links to the configuration instructions for every event source supported by Security Analytics.

RSA Security Analytics Supported Event Sources

The following illustration shows you the first section of the table in the Supported Event Sources topic from which you:

  1. Find the events sources Security Analytics currently support by collection protocol.
  2. Display the configuration instructions for an event source.
                                                    
Event Source NameVersionParser NameCollection ProtocolInstructions
Actiance Vantage12.2actiancevantageODBC 
ActivIdentity 4TRESS AAA Server6.4.1actividentityODBC 
AirMagnet Enterprise7.5, 8.5, 10.1airmagnetSyslog 
Alcatel-Lucent Omniswitch6600, 6850, 9700alcatelomniswitchSyslog, SNMP 
Apache HTTP Server2.1, 2.2, 2.4apacheFile 
You are here: Log Collection Getting Started Guide > Procedures > Step 4: Configure Collection Protocols and Event Sources

Attachments

    Outcomes