Log Collection File: The Basics

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode

This guide tells you how to configure File collection protocol which collects events from log files. The Event sources for this protocol generate log files that are transferred using a secure file transfer method to the Log Collector service.

How File Collection Works

The Log Collector service collects events from log files. Event sources generate log files that are transferred using a secure file transfer method to the Log Decoder host running the Log Collector service.

Deployment Scenario

The File collection protocol collects event data from log files.



Configure File Collection Protocol in Security Analytics

You configure the Log Collector to use File collection for an event source in the Event Source tab of the Log Collector parameter view. The following procedure explains the basic workflow for configuring an event source for File Collection in Security Analytics. Please refer to:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Log Collection service.
  3. Click under Actions and select View > Config to display the Log Collection configuration parameter tabs.
  4. Click the Event Sources tab.
  5. Select File as the collection protocol and select Config.
  6. Click and select and event source type (for example, apache) as the event source category.
    The event source category is part of the content you downloaded from LIVE.
  7. Select the newly added category (for example, apache). Click .
  8. Specify the basic parameters required for the event source.
  9. Click and specify additional parameters that enhance how the protocol handles event collection for the event source.

Configure Event Sources to Use File Collection Protocol

You need to configure each event source that uses the File Collection protocol to communicate with Security Analytics (see Step 2: Configure File Event Sources to Send Events to Security Analytics).