Decoder: Configure a Log Decoder to Accept Protobuf

Document created by RSA Information Design and Development Employee on Jun 25, 2017Last modified by RSA Information Design and Development Employee on Sep 25, 2017
Version 2Show Document
  • View in full screen mode

This topic describes the method for configuring a Log Decoder to accept logs in protobuf (Protocol Buffer) format.

There are occasions when you want to analyze log files that are in protobuf (Protocol Buffer) format.


To import a log file to a Log Decoder:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Log Decoder in the Service grid, and select  Actions menu cropped > View > Explore.
    The Explorer view for the Log Decoder is displayed.
  3. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/

    Your screen should look similar to the following.
  4. For the send-protobuf field, select false, and change the value to true.
  5. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/tcpconnector/
    and change the port value to 50202.
  6. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/tcpconnector/
    and change the following parameters:
    • Clear the delimiter field
    • Change format to %text%
Next Topic:References
You are here
Table of Contents > Additional Procedures > Configure a Log Decoder to Accept Protobuf