Decoder: Configure a Log Decoder to Accept Protobuf

Document created by RSA Information Design and Development on Jun 25, 2017Last modified by RSA Information Design and Development on Sep 25, 2017
Version 2Show Document
  • View in full screen mode
  

This topic describes the method for configuring a Log Decoder to accept logs in protobuf (Protocol Buffer) format.

There are occasions when you want to analyze log files that are in protobuf (Protocol Buffer) format.

Procedure

To import a log file to a Log Decoder:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Log Decoder in the Service grid, and select  Actions menu cropped > View > Explore.
    The Explorer view for the Log Decoder is displayed.
  3. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/
    tcpconnector/config

    Your screen should look similar to the following.
    protobufCfg01.png
  4. For the send-protobuf field, select false, and change the value to true.
  5. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/tcpconnector/
    config/connector/channel/tcp
    and change the port value to 50202.
  6. Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/tcpconnector/
    config/connector/event
    and change the following parameters:
    • Clear the delimiter field
    • Change format to %text%
Next Topic:References
You are here
Table of Contents > Additional Procedures > Configure a Log Decoder to Accept Protobuf

Attachments

    Outcomes