The RSA Security Analytics administrator must configure event sources to send logs to the collectors. When event sources are configured, the collectors poll them, retrieve logs, and send the event data to Security Analytics. In the service Config view > General tab, you can perform these actions:
- Adjust the system configuration parameters if required in the System Configuration panel.
- Configure automatic start of log collection by event source type in the Log Collector Configuration panel:
  - Check Point
  - Plugins (AWS CloudTrail)
  - Windows Legacy
To access the Log Collection General tab:
- In the Security Analytics menu, select Administration > Services.
- In Services, select a Log Collector service.
- Click under Actions and select View > Config.
The Service Config view is displayed with the Log Collector General tab open.
System Configuration Panel
The System Configuration panel manages service configuration for a Security Analytics service. When a service is first added, default values are in effect. You can edit these values to tune performance. Refer to the General tab for a description of these parameters.
The System Configuration section has these parameters.
| Parameter | Description |
|---|---|
| Compression | The minimum number of bytes that must be transmitted per response before compression. A setting of 0 disables compression. The default value is 0. A change in value is effective immediately for all subsequent connections. |
| Port | The port on which the service listens. The ports are: |
| SSL FIPS Mode | When enabled (on), the security of data transmission is managed by encrypting information and providing authentication with SSL certificates. The default value is off. |
| SSL Port | The Security Analytics Core SSL port on which the service listens. The ports are: |
| Stat Update Interval | The number of milliseconds between statistic updates on the system. Lower numbers cause more frequent updates and can slow down other processes. The default value is 1000. A change in value is effective immediately. |
| Threads | The number of threads in the thread pool to handle incoming requests. A setting of 0 lets the system decide. The default value is 15. A change takes effect on service restart. |
Collector Configuration Panel
The Collector Configuration panel provides a way to enable automatic start of log collection by event source type: Check Point, File, ODBC, SDEE, SNMP, Syslog, VMware, and Windows.
| Parameter | Description |
|---|---|
| | Enables or disables the automatic collection for all event types. |
| Start Collection on Service Startup | Enables automatic start, per event source type, of log collection when the Log Collector service starts. Valid values are: |
| Apply | Click Apply to save the changes to the parameter values. |