Log Collection: Remote/Local Collectors Configuration Parameters

Document created by RSA Information Design and Development on Sep 11, 2017•Last modified by Scott Marcus on May 14, 2018

Version 11Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

When you deploy Log Collection, you must configure the Log Collectors to collect the log events from various event sources, and to deliver these events reliably and securely to the Log Decoder host, where the events are parsed and stored for subsequent analysis.

This topic introduces features of the Services Config view > Remote Collectors/Local Collectors tab.

Workflow

This workflow illustrates the basic tasks needed to start collecting events through Log Collection.

What do you want to do?

Role	I want to...	Documentation
Administrator	Perform basic Log Collection implementation.	Basic Implementation
Administrator	Set up a lockbox to maintain lockbox settings.	Set Up a Lockbox
Administrator	Start Log Collection services.	Start Collection Services
Administrator	*Configure Log Collection protocols and event sources.	Configure Collection Protocols and Event Sources
Administrator	Verify that Log Collection is working.	Verify That Log Collection Is Working

*You can perform this task here.

Remote Collectors Tab

On a Local Collector, the Remote Collectors panel provides a way to add or delete Remote Collectors from which the Local Collector pulls events.

Column	Description
	Displays the Add Source dialog in which you select the Remote Collectors from which you want the Local Collector to pull events.
	Deletes the Remote Collector from the Local Collector Remote Collectors panel.
	Displays the Edit Source dialog for the selected Remote Collector .
	Selects Remote Collectors.
Name	Names of the Remote Collectors from which the Local Collector currently pulls events.
Address	IP Addresses of the Remote Collectors from which the Local Collector currently pulls events.
Collections	Choose which collection protocols that the Remote Collector pushes to a Local Collector. You can select any combination of protocols. If you do not select a protocol, NetWitness Suite selects all protocols.

Local Collector Tab

On a Remote Collector , the Local Collector panel provides a way to add or delete the Local Collectors to which you want to the Remote Collector to push events.

Select the Destination or Source in the Select Configuration drop-down menu.

Destination displays the Add Remote Destination dialog.
Source displays the Add Source dialog.

The following table describes the Add Source dialog.

Column	Description
	Displays the Add Source dialog in which you select the Remote Collectors from which you want the Local Collector to pull events.
	Deletes the Remote Collector from theLocal Collector Remote Collectors panel.
	Displays the Edit Source dialog for the selected Remote Collector .
	Selects Remote Collectors.
Name	Names of the Remote Collectors from which the Local Collector currently pulls events.
Address	IP Addresses of the Remote Collectors from which the Local Collector currently pulls events.

The following table describes the Local Collectors Panel.

Column	Description
	Displays the Add Remote Destination dialog for the Group that you selected. You add destination Local Collectors for this group to which you want the Remote Collector to push events.
	Deletes the destination Log Collector from the group.
	Displays the Edit Remote Destination dialog for the selected destination Local Collector .
	Selects a destination Local Collector .
Destination Name	Displays the name of the destination Local Collector .
Address	Displays the IP address of the destination Local Collector .
Collections	Choose which collection protocols that the Local Collector pulls from a Remote Collector. You can select any combination of protocols. If you do not select a protocol, NetWitness Suite selects all protocols.