Log Collection Config: Configure Syslog Event Sources for Remote Collector

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

After completing this how-to you will have:

  • Configured a Syslog Event Source
  • Modified a Syslog Event Source

Caution: Do not configure Syslog Collection for Local Log Collectors. You only need to configure Syslog Collection for Access Local Collectors and Remote Collectors.

Configure a Syslog Event Source

Note: The Log Decoder collects Syslog messages directly from the local site's event sources. This means that you only need to complete the following procedures if you are collecting Syslog messages from a remote site through a Remote Collector.

To configure a Syslog event source:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the expand button under Actions and select View > Config.
  4. In the Log Collector Event Sources tab, select Syslog/Config from the drop-down menu.
    The Event Categories panel displays the Syslog event sources that are configured, if any.
  5. In the Event Categories panel toolbar, click the Add icon.
    The Available Event Source Types dialog is displayed.
  6. Select an event source type (for example, syslog-tcp) and click OK.
    The newly added event source type is displayed in the Event Categories panel.
  7. Select the new type in the Event Categories panel and click the Add icon in the Sources panel toolbar.
    The Add Source dialog is displayed.
  8. Modify any of the parameter settings and click OK.
    The Syslog event source is added to the Sources panel.

Modify a Syslog Event Source

To modify an event source:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the expand button under Actions and select View > Config.
  4. In the Log Collector Event Sources tab, select Syslog/Config from the drop-down menu.
  5. Select an event source type (for example, syslog-tcp) and click OK.
  6. In the Sources panel, select an event source (for example, tcp514) and click the Edit icon.
    The Edit Source dialog is displayed.
  7. Modify the parameters that require changes and click OK.
    Security Analytics applies the parameter changes to the selected event source.

Parameters

Syslog Event Source Configuration Parameters for Remote Collector
