Log Collection: Step 4. Configure Collection Protocols and Event Sources

Document created by RSA Information Design and Development on Mar 23, 2017Last modified by RSA Information Design and Development on May 4, 2017
Version 4Show Document
  • View in full screen mode
  

This topic tells you how to configure collection protocols and the event sources using those protocols.

You configure the Log Collector to collect event data from your event sources in the Event Sources tab of the Log Collection parameter view.

Procedures

Configure a Collection Protocol

The following figure shows the basic workflow for configuring an event source in Security Analytics.  Each event source has different parameters so you must to refer to guides for the event source you are configuring for all the instructions.

AddRCLA1(simple).png

Access the Services view.

LCParamConfigNav.png

Select a Log Collection service.
Click AdvcdExpandBtn.PNGunder Actionsand select View > Configto display the Log Collection configuration parameter tabs.

ConfigFileProtocol1.png

Click the Event Sources tab.
Select a collection protocol (for example, File) and select Config.
Click Icon-Add.png and select an event source category (for example, apache).

The event source category is part of the content you downloaded from LIVE.

ConfigFileProtocol2.png

Select the newly added category (for example,
apache).
Click Icon-Add.png.

ConfigFileProtocol3.png

Specify the basic parameters required for the event source.
Click AdvcdExpandBtn.PNG and specify additional parameters that enhance how  the protocol handles  event collection for the event source.

Individual Collection Protocol Guides

The following guides provide detailed instructions on how to configure the collection protocols and their associated event sources in Security Analytics.  Each guide includes an index to configuration instructions for the event sources supported for that collection protocol.

Configure individual collection protocols. Instructions are in the individual Log Collection Guides:  

You are here
Table of Contents > Log Collection Getting Started > Procedures > Step 4. Configure Collection Protocols and Event Sources

Attachments

    Outcomes