Netflow Collection: Step 1. Configure Event Sources in SA

Document created by RSA Information Design and Development on Nov 22, 2016Last modified by RSA Information Design and Development on May 4, 2017
Version 10Show Document
  • View in full screen mode
  

This topic tells you how to configure Netflow event source sources for the Log Collector.

After completing this procedure, you will have...

  • Configured a Netflow event source.
  • Modified a Netflow event source.

Return to Procedures

Procedures

Step 1. Configure Netflow Event Sources in Security Analytics

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
  4. In the Log Collector Event Sources tab, select Netflow/Config from the drop-down menus.
  5. In the Event Categories panel toolbar, click Icon-Add.png.
  6. Select an event source type (for example, netflow) and click OK.
    The newly added event source type is displayed in the Event Categories panel.
  7. Select the new type in the Event Categories panel and click Icon-Add.png in the Sources toolbar.
    The Add Source dialog is displayed.
  8. Specify the port, modify any other parameters that require changes, and click OK.

Note: Security Analytics opens the 2055, 4739, 6343, and 9995 ports on the firewall by default.  You can open other ports for Netflow if required.

EvSrcAddSrc.png

The new event source is displayed in the list.

Modify a Netflow Event Source

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
  4. In the Log Collector Event Sources tab, select Netflow/Config from the drop-down menu.
  5. Select netflow for the event source type from the Event Categories panel and click OK.
  6. In the Sources panel, select an event source and click icon-edit.png.
    The Edit Source dialog is displayed.
  7. Modify the parameters that require changes and click OK.

    Security Analytics applies the parameter changes to the selected event source.
Previous Topic:Procedures
You are here
Table of Contents > Netflow Collection Configuration Guide > Procedures > Step 1. Configure Netflow Event Sources in Security Analytics

Attachments

    Outcomes