This topic describes the user interface for configuring File Collection.
Use this section when you are looking for descriptions of the File Collection user interface and definitions of the features of the user interface.
To access the File Collection Configuration Parameters:
- In the Security Analytics menu, select Administration > Services.
- In the Services grid, select a Log Collector service.
- Click under Actions and select View > Config.
- In the Log Collector Event Sources tab, select File/Config from the drop-down menu.
The File/Config view in the Event Sources tab has two panels: Event Categories and Sources.
Event Categories Panel
In the Event Categories panel, you can add or delete the appropriate event source types.
Available Event Sources Types Dialog
The Available Event Source Types dialog displays the list of supported event source types.
Use this panel to review, add, modify, and delete event source file directories and their parameters for the event source type you selected in the Event Categories panel.
The following table provides descriptions of the toolbar options.
Add or Modify Source Dialog
In this dialog, you add or modify a file directory for the selected event source.
File Directory Parameters
The following table provides descriptions of the source parameters.
To generate the key pair on the event source and import the public key to Log Collector:
- Double-click puttygen.exe in the C:\sasftpagent directory. The PuTTY Key Generator starts.
- Select SSH2 RSA as the type of key to generate.
- Click Generate and move the mouse in the PuTTY Key Generator window until the key is generated.
Save the private key:
- Click Save private key.
- Select Yes to not use a passphrase.
- Save the file as private.ppk in the C:\sasftpagent directory.
Add the public key to the Log Collector:
Copy the public key into your buffer so that you can paste it into the parameter in Security Analytics as described in step 5b.
In the following example, the public key is enclosed in a red box.
Paste the public key from your buffer into the Eventsource SSH Key parameter in Security Analytics. For details, see the Configure File Event Sources topic in the RSA Security Analytics Log Collection Guide.
- Close the puttygen.