This topic introduces features of the service Config view > General tab that relate specifically to Log Collector .
To access the Log Collection General tab:
- Go to (Admin) > Services from the NetWitness Platform menu.
- Select a Log Collection service.
The Service Config view is displayed with the Log Collector General tab open.
This workflow illustrates the basic tasks needed to start collecting events through Log Collection.
What do you want to do?
|Role||I want to...||Documentation|
Perform basic Log Collection implementation.
|Administrator||Set up a lockbox to maintain lockbox settings.||Set Up a Lockbox|
|Administrator||Start Log Collection services.||Start Collection Services|
|Administrator||Configure Log Collection protocols and event sources.||Configure Collection Protocols and Event Sources|
|Administrator||*Verify that Log Collection is working.||Verify That Log Collection Is Working|
*You can perform this task here.
- Configure AWS (CloudTrail) Event Sources in NetWitness Platform
- Configure Check Point Event Sources in NetWitness Platform
- Configure File Event Sources in NetWitness Platform
- Configure Netflow Event Sources in NetWitness Platform
- Configure ODBC Event Sources in NetWitness Platform
- Configure SDEE Event Sources in NetWitness Platform
- Configure SNMP Event Sources in NetWitness Platform
- Configure Syslog Event Sources
- Configure VMware Event Sources in NetWitness Platform
- Configure Windows Event Sources in NetWitness Platform
- Windows Legacy and NetApp Collection Configuration
The RSA NetWitness Platform administrator must configure event sources to send logs to the collectors. When event sources are configured they poll event sources, retrieve logs, and send the event data to NetWitness Platform ).
System Configuration Panel
The System Configuration panel manages service configuration for a NetWitness Platform service. When a service is first added, default values are in effect. You can edit these values to tune performance. Refer to the General tab for a description of these parameters.
|1||System Configuration Panel manages service configuration for a NetWitness Platform service.|
|2||Compression: The minimum number of bytes that must be transmitted per response before compression. A setting of 0 disables compression. The default value is 0.|
A change in value is effective immediately for all subsequent connections.
|3||Port: The port on which the service listens. The ports are: |
|4||SSL FIPS Mode: When enabled (on), the security of data transmission is managed by encrypting information and providing authentication with SSL certificates. The default value is off.|
|5||SSL Port: The NetWitness Platform Core SSL port on which the service listens. The ports are: |
|6||Stat Update Interval: The number of milliseconds between statistic updates on the system. Lower numbers cause more frequent updates and can slow down other processes. The default value is 1000.|
A change in value is effective immediately.
|7||Threads: The number of threads in the thread pool to handle incoming requests. A setting of 0 lets the system decide. The default value is 15. |
A change takes effect on service restart.
Collector Configuration Panel
The Collector Configuration panel provides a way to enable automatic start of log collection by event source type.
|1||Collector Configuration Panel provides a way to enable automatic start of log collection by event source type.|
Enable All enables the automatic collection for all event types.
Enable All = start receiving events and collecting logs for all event types when the Log Collector service starts.
Disable all disables the automatic collection for all event types.
Disable All = (default) do not receive event data for all event types until you explicitly start collection.
|4||Start Collection on Service Startup enables automatic start, per event source type, of log collection when the Log Collector service starts. Valid values are: |
|5||Apply: Click Apply to save the changes to the parameter values.|