Log Collection Deploy: Access Local Collectors and Remote Collectors

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

You can access a Local Collector or Remote Collector by selecting the service that you want in the Administration > Services view. If you do not see a Local Collector or Remote Collector in the Services view, you need to add it.

After completing this procedure, you will have:

  • Added a Local Collector service.
  • Added a Remote Collector service.
  • Added a Windows Legacy service.


Add a Local Collector

You add a Local Collector by adding the Log Collector service to a Log Decoder host in Security Analytics.

  1. In the Security Analytics menu, select Administration > Services.
  2. Click the Add icon to open the Add Service dialog and select Log Collector.
  3. Define the details of the Log Collector service on a Local Collector.
  4. Click Test Connection. If the connection is valid, you will see Test connection successful. If the connection fails, you will see Fail. If it fails, make sure that the Log Decoder host is running and that you have entered the correct information in the Add Service dialog, then click Save again.

To add a Local Collector:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services view, select the Add icon in the toolbar.
    The Add Service dialog is displayed.
  3. In the Add Service dialog, provide the following information.

    Field      Description
    Service    Select Log Collector as the service type.
    Name       Type the name you want to assign to the service.
    Host       Select a Log Decoder host.
    Port       Default port is 50101.
    SSL        Select SSL if you want Security Analytics to communicate with the host using SSL. The security of data transmission is managed by encrypting information and providing authentication with SSL certificates.
               Note: If you select SSL, ensure SSL is enabled in the System Configuration panel of the Log Collector general tab.
    Username   Type the username of the Local Collector.
    Password   Type the password of the Local Collector.
    Remote     Do not select when you are adding a Local Collector.

  4. Click Test Connection to determine if Security Analytics connects to the service.
  5. When the result is successful, click Save.
    If the test is unsuccessful, edit the service information and retry.

Note: Make sure that you leave the Remote checkbox unselected to add the Log Collector service to the Log Decoder host.

Add a Remote Collector or a Windows Legacy Remote Collector

You add a Remote Collector by adding the Log Collector service to a remote host.

Note: Before you add a Windows Legacy Remote Collector, you must install the Security Analytics Legacy Windows Collector on a physical or virtual Windows 2008 SP1 64-bit server using the SALegacyWindowsCollector-version-number.exe. You download the SALegacyWindowsCollector-version-number.exe from Download Central (please refer to the SA-v10.4 Legacy Windows Upgrade and Installation Instructions).

  1. In the Security Analytics menu, select Administration > Services.
  2. Click the Add icon to open the Add Service dialog and select Log Collector.
  3. Define the details of the Log Collection service on a Remote Collector. You must select the Remote checkbox.
  4. Click Test Connection. If the connection is valid, you will see Test connection successful. If the connection fails, you will see Fail. If it fails, make sure that the Log Decoder host is running and that you have entered the correct information in the Add Service dialog, then click Save again.

To add a Remote Collector:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services view, select the Add icon in the toolbar.
    The Add Service dialog is displayed.
  3. In the Add Service dialog, provide the following information.

    Field      Description
    Service    Select Log Collector as the service type.
    Name       Type the service name.
    Host       Select a remote host.
    Port       Default port is 50101.
    SSL        Select SSL if you want Security Analytics to communicate with the host using SSL. The security of data transmission is managed by encrypting information and providing authentication with SSL certificates.
               Note: If you select SSL, ensure SSL is enabled in the System Configuration panel of the Log Collector general tab.
    Username   Type the username of the Remote Collector.
    Password   Type the password of the Remote Collector.
    Remote     Select when you are adding a Remote Collector.

  4. Click Test Connection to determine if Security Analytics connects to the service.
  5. When the result is successful, click Save.
    If the test is unsuccessful, edit the service information and retry.

Note: You must select the Remote checkbox to designate the Log Collector as a Remote Collector.
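
When Test Connection reports Fail in either procedure above, a transport-level check from the Security Analytics host narrows down the cause before you edit the service definition. The following is an added example, not RSA code: it assumes only that the Log Collector listens on the TCP port entered in the dialog (50101 by default, per the tables above), and the function names probe_collector and diagnose are hypothetical.

```python
import socket
import ssl

DEFAULT_PORT = 50101  # default Log Collector port given in the field tables above


def probe_collector(host, port=DEFAULT_PORT, timeout=3.0):
    """Return "unreachable", "tls" or "no-tls" for the listener at host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # refused, filtered, or the name did not resolve
    # Probe only: this asks whether TLS is offered, not whether the certificate
    # is trusted, so verification is off and no application data is sent.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls"
    except (ssl.SSLError, OSError):
        return "no-tls"  # port is open but did not complete a TLS handshake
    finally:
        sock.close()


def diagnose(probe_result, ssl_selected):
    """Map a probe result and the SSL checkbox state to the next thing to check."""
    if probe_result == "unreachable":
        return "Check that the host is running and that Host and Port are correct."
    if ssl_selected and probe_result == "no-tls":
        return "SSL is selected but the port does not speak TLS: enable SSL on the Log Collector."
    if not ssl_selected and probe_result == "tls":
        return "The port speaks TLS but SSL is not selected: select SSL in the Add Service dialog."
    return "Transport matches the SSL setting: recheck Username and Password."


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe_collector(target)
    print(result, "-", diagnose(result, ssl_selected=True))
```

A collector that offers only protocol versions your Python build has disabled also reports no-tls, so confirm the setting in the System Configuration panel before concluding that SSL is off.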
