Log Collection Deploy: Pull Events from Remote Collector

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

After completing this procedure, you will have configured a Local Collector to pull Events from a Remote Collector.

Return to Procedures.

Configure Local Collector to Pull Events from Remote Collector

You can configure a Local Collector to pull event data from one or more Remote Collectors.

The following procedure explains how to configure a Local Collector to pull events from a Remote Collector.

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Remote Collector.
  3. Click under Actions and select View > Config to display the Log Collection configuration parameter tabs.
  4. Select the Local Collectors tab, select Destinations in the Select Configuration drop-down menu, and click to display in Destination Groups to display the Add Remote Destinations dialog.
  5. Specify a Local Collector to which the Remote Collector pushes events. Specify the Collection protocols to pull.
  6. Newly added Local Collector is displayed in the Local Collector tab.

Configure the Selected Local Collector to Pull Events from Specified Remote Collector

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Local Collector.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Click the Settings tab.
  5. Select the Remote Collectors tab.
  6. Click Icon-Add.png.
    The Add Source dialog displays.
  7. In the Add Source dialog:
    1. Select a Remote Collector from the drop-down list.
    2. Select one or more collection protocols.
      RCAddSrc.png

      Note: If you do not select a collection protocol, the Local Collector pulls all collection protocols from the Remote Collector.

    3. Click OK.

The Remote Collector is added to the Remote Collector section. When the Log Collector starts collecting data, it pulls event data from this Remote Collector.

The following tab shows File as the only protocol selected.
LCProSel1.png

The following tab shows all protocols selected. Security Analytics select all protocols if you leave the Collections field blank.
LCProSel2.png

Parameters

Reference - Remote/Local Collectors Configuration Parameters Interface

You are here: Log Collection Deployment Guide > Procedures > Configure Local and Remote Collectors > Pull Events from Remote Collector

Attachments

    Outcomes