This topic tells you how to configure the File collection protocol.
Configure a File Event Source
To configure a File Event Source:
- Go to ADMIN> Services from the NetWitness Suite menu.
- Select a Log Collection service.
- Under Actions, select > View > Config to display the Log Collection configuration parameter tabs.
Click the Event Sources tab.
- In the Event Sources tab, select File/Config from the drop-down menu.
The Available Event Source Types dialog is displayed.
Select a file event source type and click OK.
The newly added event source type is displayed in the Event Categories panel.
The Add Source dialog is displayed.
Add a File Directory name and modify any other parameters that require changes. For details, see File Collection Parameters below.
To get the public key and enter it into the dialog box, do the following:
- Select and copy the public key from the Event Source by running: cat ~/.ssh/id_rsa.pub
- Paste the public key in the Eventsource SSH Key field.
- Click OK.
You need to restart file collection for your changes to take effect.
Stop and Restart File Collection
After you add a new event source that uses file collection, you must stop and restart the NetWitness Suite File Collection service. This is necessary to add the key to the new event source.
The following table provides descriptions of the File Collection source parameters.