Sys Maintenance: Health and Wellness Settings Tab - Event Sources

Document created by RSA Information Design and Development on Nov 23, 2016. Last modified by RSA Information Design and Development on Aug 2, 2017.
Version 10

Note: This tab is being deprecated. To manage Event Sources, see About Event Source Management in the RSA Security Analytics Event Source Management Guide.

The Event Source Monitoring view consists of the Event Source panel, Add/Edit Source Monitor dialog, Decommission panel, and the Decommission dialog. You use the view to configure:

  • When to generate notifications for event sources from which the Log Collector is no longer receiving logs.
  • Where to send those notifications.
  • When to decommission a Log Collector when a Remote Collector and the Local Collector fail over to a standby Log Decoder.

The required role to access this view is Manage SA Auditing. To access this view:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Select Settings > Event Source.
    The Event Source tab is displayed.

[Image: esm_monitoring_settings.png]

For the related procedure, see Configure Event Source Monitoring.

Features

Event Source Monitoring Panel

                                                 
Feature | Description
Configure email or distribution list. | Opens the Administration > System > Email view so you can adjust the email distribution for the Event Source Monitoring output, if necessary.
Configure Syslog and SNMP Trap servers. | Opens the Administration > System > Auditing view so you can adjust the Syslog and SNMP trap distribution for the Event Source Monitoring output, if necessary.
Add icon (Icon-Add.png) | Displays the Add/Edit Source Monitor dialog in which you add or modify event sources to monitor.
Delete icon (Icon_Delete_sm.png) | Deletes the selected event sources from monitoring.
Checkbox (Checkbox.png) | Selects an event source.
Source Type | Displays the source type of the event source.
Source Host | Displays the source host of the event source.
Time Threshold | Displays the time period after which Security Analytics stops sending notifications (Time Threshold).
Apply | Applies any additions, deletions, or changes; they become effective immediately.
Cancel | Cancels any additions, deletions, or changes.

Decommission Panel

                                         
Feature | Description
Add icon (Icon-Add.png) | Displays the Decommission dialog in which you add or modify event sources to decommission.
Delete icon (Icon_Delete_sm.png) | Deletes the selected event sources from decommissioning.
Checkbox (Checkbox.png) | Selects an event source.
Regex | Displays if you choose to use regular expressions.
Source Type | Displays the source type of the decommissioned event source.
Source Host | Displays the source host of the decommissioned event source.
Apply | Applies any additions, deletions, or changes; they become effective immediately.
Cancel | Cancels any additions, deletions, or changes.

Add/Edit Source Monitor Dialog

[Image: add-edit_source_monitor_dialog.png]

In the Add/Edit Source Monitor dialog, you add or modify the event sources that you want to monitor. The two parameters that identify an event source are Source Type and Source Host. You can use globbing (pattern matching and wildcard characters) to specify the Source Type and Source Host of event sources, as shown in the following example:

                                                             

Source Type | Source Host
ciscopix | 1.1.1.1
* | 1.1.1.1
* | *
* | 1.1.1.1|1.1.1.2
* | 1.1.1.[1|2]
* | 1.1.1.[123]
* | 1.1.1.[0-9]
* | 1.1.1.11[0-5]
* | 1.1.1.1,1.1.1.2
* | 1.1.1.[0-9]|1.1.1.11[0-5]
* | 1.1.1.[0-9]|1.1.1.11[0-5],10.31.204.20
* | 1.1.1.*
* | 1.1.1.[0-9]{1,3}
                                 
Feature | Description
Regex | Select the checkbox if you want to use regular expressions.
Source Type | The source type of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector device > View > Config view.
Source Host | Hostname or IP address of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector device > View > Config view.
Time Threshold | The time period after which Security Analytics starts sending notifications.
Cancel | Closes the dialog without adding the event source, or changes to the event source, to the Event Source Monitoring panel.
OK | Adds the event source to the Event Source Monitoring panel.
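
The following added example (not RSA code) checks which event sources in an inventory are covered by no monitoring rule, using patterns from the example table. The matching semantics are assumptions, not documented product behavior: `,` and `|` outside brackets separate alternatives, `|` inside brackets only separates class members, patterns must match the whole value, and the Regex checkbox is applied to Source Host only. The `examplefw` source type and the inventory are constructed.

```python
import re

def split_alternatives(pattern):
    """Split on ',' and '|' that sit outside a [...] character class."""
    parts, cur, in_class = [], [], False
    for c in pattern:
        if c in "[]":
            in_class = (c == "[")
        if c in ",|" and not in_class:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
    parts.append("".join(cur))
    return [p for p in parts if p]

def glob_to_regex(glob):
    """'*' = any run of characters, [...] = character class, the rest is literal."""
    out = []
    for tok in re.findall(r"\[[^\]]*\]|.", glob):
        members = tok[1:-1].replace("|", "") if len(tok) > 2 else ""
        if tok == "*":
            out.append(".*")
        elif members:  # '|' inside a class only separates members (assumption)
            out.append("[" + members + "]")
        else:
            out.append(re.escape(tok))
    return "".join(out)

def matches(pattern, value, is_regex=False):
    if is_regex:  # raw regex: an unescaped '.' matches any character
        return re.fullmatch(pattern, value) is not None
    return any(re.fullmatch(glob_to_regex(p), value) for p in split_alternatives(pattern))

def unmonitored(rules, inventory):
    """Inventory entries that no (type, host, host_is_regex) rule covers."""
    return [(t, h) for t, h in inventory
            if not any(matches(rt, t) and matches(rh, h, rx) for rt, rh, rx in rules)]

# Rows from the example table; the Regex flag on the last one is an assumption.
RULES = [("ciscopix", "1.1.1.1", False),
         ("*", "1.1.1.[0-9]|1.1.1.11[0-5],10.31.204.20", False),
         ("*", "1.1.1.[0-9]{1,3}", True)]
# Constructed inventory of (source type, source host) pairs.
INVENTORY = [("ciscopix", "1.1.1.1"), ("examplefw", "1.1.1.112"),
             ("examplefw", "10.31.204.20"), ("examplefw", "10.31.204.21")]

if __name__ == "__main__":
    print("not monitored:", unmonitored(RULES, INVENTORY))
```

When a pattern is evaluated as a regular expression, unescaped dots match any character, so a host pattern can cover more values than the same text does as a glob; write `\.` where a literal dot is intended.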

Decommission Dialog

[Image: decommission_dialog.png]

                         
Feature | Description
Source Type | The source type of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector device > View > Config view.
Source Host | Hostname or IP address of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector device > View > Config view.
Cancel | Closes the dialog without applying any event source additions, deletions, or changes to the Decommissioning panel.
OK | Applies any event source additions, deletions, or changes to the Decommissioning panel.