File Collection: The Basics

Document created by RSA Information Design and Development on Nov 22, 2016. Last modified by RSA Information Design and Development on May 4, 2017.
Version 10

This guide tells you how to configure the File collection protocol, which collects events from log files. The event sources for this protocol generate log files that are transferred to the Log Collector service using a secure file transfer method.

How File Collection Works

The Log Collector service collects events from log files. Event sources generate log files that are transferred using a secure file transfer method to the Log Decoder host running the Log Collector service.

Deployment Scenario

The File collection protocol collects event data from log files.

Procedures

Configure File Collection Protocol in Security Analytics

You configure the Log Collector to use File collection for an event source in the Event Source tab of the Log Collector parameter view. The following figure depicts the basic workflow for configuring an event source for File Collection in Security Analytics. Please refer to:

[Figure: basic workflow for configuring an event source for File Collection]

1. Access the Services view.

2. Select a Log Collection service.

3. Click the Actions menu icon under Actions and select View > Config to display the Log Collection configuration parameter tabs.

4. Click the Event Sources tab.

5. Select File as the collection protocol and select Config.

6. Click the Add icon and select an event source type (for example, apache) as the event source category.

The event source category is part of the content you downloaded from LIVE.

7. Select the newly added category (for example, apache).

Click the Add icon.

8. Specify the basic parameters required for the event source.

9. Click the Advanced expand button and specify additional parameters that enhance how the protocol handles event collection for the event source.

Configure Event Sources to Use File Collection Protocol

You need to configure each event source that uses the File Collection protocol to communicate with Security Analytics (see Step 2. Configure File Event Sources to Send Events to Security Analytics).
