Use the Event Sources tab of the Log Collector service Config view to configure the AWS (CloudTrail), Check Point, File, ODBC, SDEE, SNMP, Syslog, VMware, Windows, and Windows Legacy event sources.
To access the Log Collection Event Sources Tab:
- In the Security Analytics menu, select Administration > Services.
- In the Services grid, select a Log Collector service.
- Click under Actions and select View > Config.
The Service Config view is displayed with the Log Collector General tab open.
- Click the Event Sources tab.
The File/Config view in the Event Sources tab has two panels: Event Categories and Sources.
Event Source Types Menu
The Log Collector Event Sources tab has a two-box, drop-down menu in which you select the collection protocol and any supporting parameters for that protocol.
In the left box, you select one of the following protocols: Check Point, File, ODBC, Plugins, SDEE, SNMP, VMware, Windows, and Windows Legacy.
In the right box, you select:
- Config to configure the generic event source parameters for the type you selected in the left drop-down. All generic Config panels have a toolbar with these options:
  - Add, Edit, and Delete
  - Import (also Import Source, Import DSN)
  - Export (also Export Source, Export DSN)
- For ODBC, SNMP, and Windows only:
  - For ODBC, DSNs to configure
  - For SNMP, SNMP v3 User Manager
  - For Windows, Kerberos Realm Configuration
- For Syslog on Remote Collectors only, Syslog, Filters
Selecting an option displays a configuration panel where you configure the collection parameters for the event source. The configuration panels are slightly different for different event sources and are described separately.
The following drop-down menu has the configuration parameters selected for Check Point.