Log Collection General Tab

Document created by RSA Information Design and Development on Sep 11, 2017. Last modified by RSA Information Design and Development on Oct 12, 2017.
Version 7

This topic introduces the features of the service Config view > General tab that relate specifically to the Log Collector.

To access the Log Collection General tab:

  1. Go to ADMIN > Services from the NetWitness Suite menu.
  2. Select a Log Collection service.
  3. Click under Actions and select View > Config.

    The Service Config view is displayed with the Log Collector General tab open.

Workflow

This workflow illustrates the basic tasks needed to start collecting events through Log Collection.

Log Collection workflow shows the basic tasks for collecting events.


Quick Look

The RSA NetWitness Suite administrator must configure event sources to send logs to the collectors. Once the event sources are configured, the collectors poll the event sources, retrieve logs, and send the event data to NetWitness Suite.

System Configuration Panel

The System Configuration panel manages service configuration for a NetWitness Suite service. When a service is first added, default values are in effect. You can edit these values to tune performance. Refer to the General tab for a description of these parameters.

Example shows the System Configuration panel.

                                 
1System Configuration Panel manages service configuration for a NetWitness Suite service.
2Compression: The minimum number of bytes that must be transmitted per response before compression. A setting of 0 disables compression. The default value is 0.
A change in value is effective immediately for all subsequent connections.
3Port: The port on which the service listens. The ports are:
  • 50001 for Log Collectors
  • 50002 for Log Decoders
  • 50003 for Brokers
  • 50004 for Decoders
  • 50005 for Concentrators
  • 50007 for other services
4SSL FIPS Mode: When enabled (on), the security of data transmission is managed by encrypting information and providing authentication with SSL certificates. The default value is off.
5SSL Port: The NetWitness Suite Core SSL port on which the service listens. The ports are:
  • 56001 for Log Collectors
  • 56002 for Log Decoders
  • 56003 for Brokers
  • 56004 for Decoders
  • 56005 for Concentrators
  • 56007 for other services
6Stat Update Interval: The number of milliseconds between statistic updates on the system. Lower numbers cause more frequent updates and can slow down other processes. The default value is 1000.
A change in value is effective immediately.
7Threads: The number of threads in the thread pool to handle incoming requests. A setting of 0 lets the system decide. The default value is 15. 
A change takes effect on service restart.
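
A host-side check built on the Port and SSL Port values listed above, as an added example that is not part of the RSA documentation: it parses `ss -ltn` output and reports a service whose non-SSL port is bound to a non-loopback address or whose SSL port is not listening. The `ss` sample is constructed, the function names are hypothetical, and treating an exposed non-SSL port as a finding is an assumed hardening policy rather than something this page states.

```python
import re

# Service -> (Port, SSL Port), copied from the System Configuration panel list.
# The generic "other services" pair (50007/56007) is left out.
PORTS = {
    "Log Collector": (50001, 56001),
    "Log Decoder": (50002, 56002),
    "Broker": (50003, 56003),
    "Decoder": (50004, 56004),
    "Concentrator": (50005, 56005),
}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample of `ss -ltn` output (not captured from a real appliance).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:50001      0.0.0.0:*
LISTEN 0      128    127.0.0.1:50002    0.0.0.0:*
LISTEN 0      128    [::]:56002         [::]:*
"""

def listeners(ss_output):
    """Return {port: set of bind addresses} for LISTEN sockets in `ss -ltn` text."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        # Local address forms: 0.0.0.0:50001, *:50003, [::]:56001, [::1]:50002
        m = re.fullmatch(r"\[?(.*?)\]?:(\d+)", fields[3])
        if m:
            found.setdefault(int(m.group(2)), set()).add(m.group(1))
    return found

def audit(service, ss_output):
    """Return findings for one service's Port / SSL Port pair on this host."""
    plain_port, tls_port = PORTS[service]
    found = listeners(ss_output)
    findings = []
    # Assumed policy: the non-SSL port should not be reachable off-host.
    exposed = found.get(plain_port, set()) - LOOPBACK
    if exposed:
        findings.append(f"{service}: non-SSL port {plain_port} bound to {sorted(exposed)}")
    if tls_port not in found:
        findings.append(f"{service}: SSL port {tls_port} is not listening")
    return findings

if __name__ == "__main__":
    for svc in ("Log Collector", "Log Decoder"):
        print(svc, audit(svc, SAMPLE))
```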

Collector Configuration Panel

The Collector Configuration panel provides a way to enable automatic start of log collection by event source type.

Example shows the Collector Configuration panel.

                         
1Collector Configuration Panel provides a way to enable automatic start of log collection by event source type.
2

Enable All enables the automatic collection for all event types.

Enable All = start receiving events and collecting logs for all event types when the Log Collector service starts.

3

Disable all disables the automatic collection for all event types.

Disable All = (default) do not receive event data for all event types until you explicitly start collection.

4Start Collection on Service Startup enables automatic start, per event source type, of log collection when the Log Collector service starts. Valid values are:
  • Selected = start collecting logs when the Log Collector service starts.
  • Not selected = (default) do not collect event data until you explicitly start collection.
5Apply: Click Apply to save the changes to the parameter values.