Provision Local Collectors and Remote Collectors

Document created by RSA Information Design and Development on Sep 11, 2017Last modified by RSA Information Design and Development on Oct 12, 2017
Version 7Show Document
  • View in full screen mode
  

The NetWitness Suite server verifies if an appliance has a Log Decoder service. If there is a Log Decoder service, it becomes a Local Collector . If a Log Decoder service is missing, it becomes a Remote Collector . A local Log Collector has an Event Destination and by default goes to the Local Log Decoder service. A Remote Collector does not have an Event Destination. The NW Server server identifies a Legacy Windows Collector as a Remote Collector . 

To edit a Local Collector or Remote Collector :

  1. Go to ADMIN > Services.
  2. In the Services view, select  in the toolbar.

    The Edit Service dialog is displayed.

    Edit Service dialog is displayed.

  3. In the Edit Service dialog, provide the following information.

                                           
    FieldDescription
    ServiceSelect Log Collector as the service type.
    HostSelect a Log Decoder host.
    NameType name you want to assign to the service.
    PortDefault port is 50001 for clear text and 56001 for SSL encrypted.
    SSLSelect SSL if you want NetWitness Suite to communicate with the host using SSL. The security of data transmission is managed by encrypting information and providing authentication with SSL certificates.
    (Optional) UsernameType the username of the Local Collector .
    (Optional) PasswordType the password of the Local Collector .
  4. Click Test Connection to determine if NetWitness Suite  connects to the service.
  5. When the result is successful, click Save.

    If the test is unsuccessful, edit the service information and retry. 

Next Topic:Configure LC/RC
You are here
Table of Contents > Setup > Add Local and Remote Collectors > Provision Local and Remote Collectors

Attachments

    Outcomes