Use the Event Sources tab to configure the AWS (CloudTrail), Check Point, File, ODBC, SDEE, SNMP, Syslog, SNMP, VMware, Windows, and Windows Legacy event sources.
To access the Event Sources tab, go to Admin > Services > select Log Collection service > View > Config > Event Sources) .
This workflow illustrates the basic tasks needed to start collecting events through Log Collection.
|Role||I want to...||Documentation|
Perform basic Log Collection implementation.
Set up a lockbox to maintain lockbox settings.
Start Log Collection services.
*Configure Log Collection protocols and event sources.
Verify that Log Collection is working.
*You can perform this task here.
- Configure AWS (CloudTrail) Event Sources in NetWitness Platform
- Configure Check Point Event Sources in NetWitness Platform
- Configure File Event Sources in NetWitness Platform
- Configure ODBC Event Sources in NetWitness Platform
- Configure SDEE Event Sources in NetWitness Platform
- Configure SNMP Event Sources in NetWitness Platform
- Configure Syslog Event Sources
- Configure VMware Event Sources in NetWitness Platform
- Configure Windows Event Sources in NetWitness Platform
- Windows Legacy and NetApp Collection Configuration
The Config view has two drop-down menus:
The left-most menu lists all of the available collection protocols.
The right-most menu has two choices: Config and Filter.
The Config view in the Event sources tab has two panels: Event Categories and Sources.
Event Source Types Menu
The Log Collector Event Sources tab has a two-box, drop-down menu in which you select the collection protocol and any supporting parameters for that protocol.
In the left box, you select one of the following protocols: Check Point, File, ODBC, Plugins, SDEE, SNMP, SNMP, VMware, Windows, and Windows Legacy.
In the right box, you select:
Config to configure the generic event source parameters for the type you selected in the left drop-down. All generic Config panels have a toolbar with these options:
- Add, Edit, and Delete
- Import (also Import Source, Import DSN)
- Export (also Export Source, Export DSN)
- For ODBC, SNMP, and Windows only:
- For ODBC, DSNs to configure
- For SNMP, SNMP v3 User Manager
- For Windows, Kerberos Realm Configuration
Selecting an option displays a configuration panel where you configure the collection parameters for the event source. The configuration panels are slightly different for different event sources and are described separately.
Event Categories Panel
Once you select a collection protocol, the Event Categories panel is populated with all of the event sources that you have configured for that collection protocol. For example, the following image shows ODBC event sources that have been configured:
The Event Categories panel provides a way to add or delete event source types.
|1||Displays the Available Event Source Types dialog from which you select the event source type for which you want to define parameters.|
|2||Deletes the selected event source types from the Event Categories panel.|
Selects event source types.
|4||Displays the name of the event source types that you have added.|
The Sources panel lists the values of the parameters for the selected event source type. For details, see the individual collection protocol topics.
Below is an example of a list of Check Point event sources. Note that the result set has been limited to sources whose names contain the string checkpoint11.