Log Collection Deploy: Push Events to Local Collectors

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

After completing this procedure, you will have configured a Remote Collector to push events to Local Collectors.

Return to Procedures.

Configure Remote Collector to Push Events to Log Collectors

You can configure a Remote Collector to push event data to one or more Local Collectors.

The following procedure explains how to configure a Remote Collector to push events to a Local Collector.

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Remote Collector.
  3. Click under Actions and select View > Config to display the Log Collection configuration parameter tabs
  4. Select the Local Collectors tab, select Destinations in the Select Configuration drop-down menu, and click to display in Destination Groups to display the Add Remote Destinations dialog.
  5. Specify a Local Collector to which the Remote Collector pushes events. Specify the Collection protocols to pull.
    Newly added Local Collector is displayed in the Local Collector tab.

Configure the Selected Remote Collector to Push Events to Specified Log Collectors

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Remote Collector.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Select the Local Collectors tab.
  5. In the Destination Groups panel section, click Icon-Add.png.
    The Add Remote Destination dialog displays.
  6. Set up a Destination Group:
    1. Enter a Destination Name.
    2. (Optional) Enter a Group Name. If you leave Group Name blank, Security Analytics sets it to the value that you specified in Destination Name.
    3. Select one or more collection protocols in the Collections drop-down list.
    4. Under Log Collectors Addresses, click Icon-Add.png to select a Local Collector.
      AddRCDestination.png

Note: If you do not select a collection protocol, the Remote Collector pushes all collection protocols to the Local Collectors .

Parameters

Reference - Remote/Local Collectors Configuration Parameters Interface

You are here: Log Collection Deployment Guide > Procedures > Configure Local and Remote Collectors > Log Collection Deploy: Push Events to Local Collectors

Attachments

    Outcomes