Log Collection General Tab

Document created by RSA Information Design and Development on Jun 25, 2017. Last modified by RSA Information Design and Development on Jul 28, 2017.

This topic introduces features of the service Config view > General tab that relate specifically to Log Collector.

The RSA Security Analytics administrator must configure event sources to send logs to the collectors. Once event sources are configured, the collectors poll them, retrieve logs, and send the event data to Security Analytics. In the service Config view > General tab, you can perform these actions:

  • Adjust the system configuration parameters if required in the System Configuration panel.
  • Configure automatic start of log collection by event source type in the Log Collector Configuration panel:

    • Check Point
    • File
    • Netflow
    • ODBC
    • Plugins (AWS CloudTrail)
    • SDEE
    • SNMP
    • VMware
    • Windows
    • Windows Legacy

To access the Log Collection General tab:

  1. In the Security Analytics menu, select Administration > Services.
  2. In Services, select a Log Collector service.
  3. Click under Actions and select View > Config.

    The Service Config view is displayed with the Log Collector General tab open.

System Configuration Panel

The System Configuration panel manages service configuration for a Security Analytics service. When a service is first added, default values are in effect. You can edit these values to tune performance. Refer to the General tab for a description of these parameters.

The System Configuration section has these parameters.

                                   
Parameter | Description

Compression | The minimum number of bytes that must be transmitted per response before compression. A setting of 0 disables compression. The default value is 0. A change in value is effective immediately for all subsequent connections.

Port | The port on which the service listens. The ports are:
  • 50001 for Log Collectors
  • 50002 for Log Decoders
  • 50003 for Brokers
  • 50004 for Decoders
  • 50005 for Concentrators
  • 50007 for other services

SSL FIPS Mode | When enabled (on), the security of data transmission is managed by encrypting information and providing authentication with SSL certificates. The default value is off.

SSL Port | The Security Analytics Core SSL port on which the service listens. The ports are:
  • 56001 for Log Collectors
  • 56002 for Log Decoders
  • 56003 for Brokers
  • 56004 for Decoders
  • 56005 for Concentrators
  • 56007 for other services

Stat Update Interval | The number of milliseconds between statistic updates on the system. Lower numbers cause more frequent updates and can slow down other processes. The default value is 1000. A change in value is effective immediately.

Threads | The number of threads in the thread pool to handle incoming requests. A setting of 0 lets the system decide. The default value is 15. A change takes effect on service restart.

Collector Configuration Panel

The Collector Configuration panel provides a way to enable automatic start of log collection by event source type: Check Point, File, ODBC, SDEE, SNMP, Syslog, VMware, and Windows.

                       
Name | Configuration Value

Enable All / Disable All | Enables or disables the automatic collection for all event types.
  • Enable All = start receiving events and collecting logs for all event types when the Log Collector service starts.
  • Disable All = (default) do not receive event data for all event types until you explicitly start collection.

Start Collection on Service Startup | Enables automatic start, per event source type, of log collection when the Log Collector service starts. Valid values are:
  • Selected = start collecting logs when the Log Collector service starts.
  • Not selected = (default) do not collect event data until you explicitly start collection.

Apply | Click Apply to save the changes to the parameter values.

Tasks

See the Log Collection Getting Started Guide for more information about enabling or disabling an automatic start of the collection or starting and stopping log collection protocols.
