Log Collection Config: The Basics

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

This topic describes the configuration process and illustrates how to perform this configuration using the Security Analytics user interface.

Log Collection Configuration

After you deploy Log Collection, you must configure the parameters for each log collector service running locally or remotely. You perform this configuration in the Log Collection Configuration views for the service.

Configuration Parameter Interface

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select the log collector service you want to configure.
  3. In the toolbar, select View > Config.
  4. Click the General tab to review the high-level system parameters and enable or disable the automatic start of collection protocols.
  5. Click the Remote Collectors/Local Collectors tab to configure the method of sending events collected by Remote Collectors to the Local Collector.
  6. Click the Files tab to edit service configuration files for the Log Decoder as text files.
  7. Click the Event Sources tab to configure parameters for supported collection protocols.
  8. Click the Settings tab to configure the lockbox and manage certificates.
  9. Click the Appliance Service Configuration tab to review the statistics for the Log Decoder host.