Log Collection GS: Step 1: Add Local and Remote Collectors

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

After completing this procedure, you will have:

  • Added a Local Collector service.
  • Added a Remote Collector service.

Verify That the Log Decoder Is Set Up

Verify that the Log Decoder:

  • is capturing data.
  • has the current content loaded.
  • is properly licensed.

Please refer to the Log Decoder Configuration Guide for instructions on how to configure the Log Decoder.

Add a Local Collector

You add a Local Collector by adding the Log Collector service to a Log Decoder host in Security Analytics as explained in the following procedure.

  1. In the Security Analytics menu, select Administration > Services.
  2. Open the Add Service dialog by clicking > Log Collector.
  3. Define the details of the Log Collection service on a Local Collector.
  4. Click Test Connection. If the connection is valid, you will see Test connection successful. If the connection fails, you will see Fail. If it fails, make sure that the Log Decoder host is running and that you entered the correct information in the Add Service dialog, then click Save again.

Add a Remote Collector (Optional)

You add a Remote Collector by adding the Log Collector service to a remote host as explained in the following procedure.

Note: Before you add a Windows Legacy Remote Collector, you must install the Security Analytics Legacy Windows Collector on a physical or virtual Windows 2008 SP1 64-bit server using SALegacyWindowsCollector-version-number.exe. You download SALegacyWindowsCollector-version-number.exe from SCOL (refer to the Microsoft Windows Legacy Windows Eventing Configuration Guide for instructions).

  1. In the Security Analytics menu, select Administration > Services.
  2. Open the Add Service dialog by clicking > Log Collector.
  3. Define the details of the Log Collection service on a Remote Collector and click Save. You must select the Remote checkbox.
  4. Click Test Connection. If the connection is valid, you will see Test connection successful. If the connection fails, you will see Fail. If it fails, make sure that the Log Decoder host is running and that you entered the correct information in the Add Service dialog, then click Save again.