How Log Collection Works
The Log Collector service collects logs from event sources throughout an organization's IT environment and forwards the logs to other NetWitness Suite components. The logs and the descriptive content are stored as metadata for use in investigations and reports.
Event sources are the assets on the network, such as servers, switches, routers, storage arrays, operating systems, and firewalls. In most cases, your Information Technology (IT) team configures event sources to send their logs to the Log Collector service, and the NetWitness Suite administrator configures the Log Collector service to poll event sources and retrieve their logs. As a result, the Log Collector receives all logs in their original form.
RSA NetWitness Suite can collect logs from a wide variety of event sources. When you are configuring log collection for a specific event source, you need to know, first and foremost, the protocol that is used to collect the logs.