Log Collection Event Sources Tab

Document created by RSA Information Design and Development Employee on Nov 22, 2016Last modified by RSA Information Design and Development Employee on May 4, 2017
Version 10Show Document
  • View in full screen mode

This topic introduces the service configuration parameters available on the Event Sources tab of the Log Collection service Config view.

Use the Event Sources tab of the Log Collector service Config view to configure the AWS (CloudTrail), Check Point, File, ODBC, SDEE, SNMP, Syslog, SNMP, VMware,  Windows, and Windows Legacy event sources.

To access the Log Collection Event Sources Tab:

  1. In the Security Analytics menu, select Administration >Services.
  2. In the Services grid, select a Log Collector service.
  3. Click Actions menu cropped under Actions and select View > Config.
    The Service Config view is displayed with the Log Collector General tab open.
  4. Click Event Sources tab.


The File/Config view in the Event sources tab has two panels: Event Categories and Sources.

Event Source Types Menu

The Log Collector Event Sources tab has a two-box, drop-down menu in which you select the collection protocol and any supporting parameters for that protocol.

In the left box, you select one of the following protocols: Check Point, File, ODBC, Plugins, SDEE, SNMP, SNMP, VMware, Windows, and Windows Legacy.  

In the right box, you select:

  • Config to configure the generic event source parameters for the type you selected in the left drop-down.  All generic Config panels have a toolbar with these options:
    • Add, Edit, and Delete
    • Import  (also Import Source, Import DSN)
    • Export (also Export Source, Export DSN)
  • For ODBC, SNMP, and Windows only:
    • For ODBC, DSNs to configure
    • For SNMP, SNMP v3 User Manager
    • For Windows, Kerberos Realm Configuration
  • For Syslog on Remote Collectors only, Syslog, Filters

Selecting an option displays a configuration panel where you configure the collection parameters for the event source. The configuration panels are slightly different for different event sources and are described separately.

The following drop-down menu has the configuration parameters selected for Check Point.


You are here
Table of Contents > Log Collection Configuration Guide > Reference - Configuration Parameters Interface > Log Collection Parameters > Log Collection Event Sources Tab