Log Collection: Step 1. Add Local and Remote Collectors

Document created by RSA Information Design and Development on Nov 22, 2016. Last modified by RSA Information Design and Development on May 4, 2017.
Version 10

This topic tells how to perform the initial setup of Local Collectors and Remote Collectors so that you can configure them.

After completing this procedure, you will have:

  • Added a Local Collector service.
  • Added a Remote Collector service.

Verify That the Log Decoder Is Set Up

Verify that the Log Decoder:

  • is capturing data.
  • has the current content loaded.
  • is properly licensed.

Please refer to the Log Decoder Configuration Guide for instructions on how to configure the Log Decoder.

Add a Local Collector

You add a Local Collector by adding the Log Collector service to a Log Decoder host in Security Analytics as shown in the following figure.

AddRCLA1(simple).png

Access the Services view.

Open the Add Service dialog.

AddLCRC3(simple).png

Define the connection details of the Log Collection service on a Local Collector.

Click Test Connection. If the connection is valid, you will see "Test connection successful". If the connection fails, you will see "Fail". If it failed, make sure that the Log Decoder host is running and that you have entered the correct information in the Add Service dialog, and click Save.

Add a Remote Collector (Optional)

You add a Remote Collector by adding the Log Collector service to a remote host as shown in the following figure.

Note: Before you add a Legacy Windows Remote Collector, you must install the Security Analytics Legacy Windows Collector on a physical or virtual Windows 2008 SP1 64-bit server using SALegacyWindowsCollector-version-number.exe. You download SALegacyWindowsCollector-version-number.exe from SCOL (refer to the Microsoft Windows Legacy Windows Eventing Configuration Guide for instructions).

AddRCLA1(simple).png

Access the Services view.

AddRCLA2(simple).png

Open the Add Service dialog.

AddRCLA3(simple).png

Define the connection details of the Log Collection service on a Remote Collector and click Save.

Click Test Connection. If the connection is valid, you will see "Test connection successful". If the connection fails, you will see "Fail". If it failed, make sure that the Log Decoder host is running and that you have entered the correct information in the Add Service dialog, and click Save again.
