This topic introduces features of the service Config view > General tab that relate specifically to Log Collector.
The RSA Security Analytics administrator must configure event sources to send logs to the collectors. When event sources are configured they poll event sources, retrieve logs, and send the event data to Security Analytics). In the service Config view > General tab, you can perform these actions:
- Adjust the system configuration parameters if required in the System Configuration panel.
Configure automatic start of log collection by event source type in the Log Collector Configuration panel:
- Check Point
- Plugins (AWS CloudTrail)
- Windows Legacy
To access the Log Collection General tab:
- In the Security Analytics menu, select Administration > Services.
- In Services, select a Log Collector service.
The Service Config view is displayed with the Log Collector General tab open.
System Configuration Panel
The System Configuration panel manages service configuration for a Security Analytics service. When a service is first added, default values are in effect. You can edit these values to tune performance. Refer to the General tab for a description of these parameters.
The System Configuration section has these parameters.
Collector Configuration Panel
The Collector Configuration panel provides a way to enable automatic start of log collection by event source type: Check Point, File, ODBC, SDEE, SNMP, Syslog, VMware, and Windows.
See the Log Collection Getting Started Guide for more information about enabling or disabling an automatic start of the collection or starting and stopping log collection protocols.