Sys Maintenance: Health and Wellness Settings Tab - Event Sources

Document created by RSA Information Design and Development on Sep 14, 2017. Last modified by RSA Information Design and Development on Oct 13, 2017.
Version 10
  

Note: To manage Event Sources, see About Event Source Management in the RSA NetWitness Suite Event Source Management Guide.

The Event Source Monitoring view consists of the Event Source panel, Add/Edit Source Monitor dialog, Decommission panel, and the Decommission dialog. You use the view to configure:

  • When to generate notifications for event sources from which the Log Collector is no longer receiving logs.
  • Where to send those notifications.
  • When to decommission a Log Collector when a Remote Collector and the Local Collector fail over to a standby Log Decoder.

The required role to access this view is Manage NW Auditing. To access this view:

  1. Go to Admin > Health & Wellness.
  2. Select Settings > Event Source.

What do you want to do?

                  
| Role | I want to ... | Show me how |
| Administrator | View the functionality of Event Source Monitoring | Monitor Event Sources |

Related Topics

Configure Event Source Monitoring

Quick Look

The Event Source tab is displayed.

             
1 Displays Event Source Monitoring Panel
2 Configure Event Source Monitoring Panel to receive notification

Event Source Monitoring Panel

                                                   
| Feature | Description |
| Configure email or distribution list. | Opens the Administration > System > Email view so you can adjust the email distribution for the Event Source Monitoring output, if necessary. |
| Configure Syslog and SNMP Trap servers. | Opens the Administration > System > Auditing view so you can adjust the Syslog and SNMP trap distribution for the Event Source Monitoring output, if necessary. |
| | Displays the Add/Edit Source Monitor dialog in which you add or modify event sources to monitor. |
| | Deletes the selected event sources from monitoring. |
| | Selects an event source. |
| Source Type | Displays the source type of the event source. |
| Source Host | Displays the source host of the event source. |
| Time Threshold | Displays the time period after which NetWitness Suite stops sending notifications (Time Threshold). |
| Apply | Applies any additions, deletions, or changes and they become effective immediately. |
| Cancel | Cancels any additions, deletions, or changes. |

Decommission Panel

                                           
| Feature | Description |
| | Displays the Decommission dialog in which you add or modify event sources to decommission. |
| | Deletes the selected event sources from decommissioning. |
| | Selects an event source. |
| Regex | Displays if you choose to use regular expressions. |
| Source Type | Displays the source type of the decommissioned event source. |
| Source Host | Displays the source host of the decommissioned event source. |
| Apply | Applies any additions, deletions, or changes and they become effective immediately. |
| Cancel | Cancels any additions, deletions, or changes. |

Add/Edit Source Monitor Dialog

In the Add/Edit Source Monitor dialog, you add or modify the event sources that you want to monitor. The two parameters that identify an event source are Source Type and Source Host. You can use globbing (pattern matching and wildcard characters) to specify the Source Type and Source Host of event sources as shown in the following example:

                                                               

| Source Type | Source Host |
| ciscopix | 1.1.1.1 |
| * | 1.1.1.1 |
| * | * |
| * | 1.1.1.1|1.1.1.2 |
| * | 1.1.1.[1|2] |
| * | 1.1.1.[123] |
| * | 1.1.1.[0-9] |
| * | 1.1.1.11[0-5] |
| * | 1.1.1.1,1.1.1.2 |
| * | 1.1.1.[0-9]|1.1.1.11[0-5] |
| * | 1.1.1.[0-9]|1.1.1.11[0-5],10.31.204.20 |
| * | 1.1.1.* |
| * | 1.1.1.[0-9]{1,3} |
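
A way to check which event sources a set of monitor entries leaves uncovered, using patterns from the table above. This is an added example, not RSA code: the page lists the patterns but does not define the matching rules, so the sketch assumes that "|" and "," separate alternatives outside brackets, "*" matches any run of characters, and "[...]" and "{m,n}" behave as in regular expressions. The function names and the inventory are constructed for illustration.

```python
import re

def split_alternatives(pattern):
    """Split on '|' or ',' outside brackets, so [1|2] and {1,3} stay whole."""
    parts, buf, depth = [], [], 0
    for ch in pattern:
        if ch in "[{":
            depth += 1
        elif ch in "]}":
            depth -= 1
        if ch in "|," and depth == 0:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p for p in parts if p]

def glob_to_regex(alt):
    """Assumed rules: '*' is any run, [...] and {m,n} are kept, rest is literal."""
    out, i = [], 0
    while i < len(alt):
        ch = alt[i]
        if ch == "*":
            out.append(".*")
        elif ch in "[{":
            end = alt.index("]" if ch == "[" else "}", i)
            out.append(alt[i:end + 1])
            i = end
        else:
            out.append(re.escape(ch))
        i += 1
    return "".join(out)

def matches(pattern, value):
    """True if any alternative of the pattern matches the whole value."""
    return any(re.fullmatch(glob_to_regex(a), value)
               for a in split_alternatives(pattern))

def unmonitored(sources, monitors):
    """Return the (type, host) pairs that no monitor entry covers."""
    return [(t, h) for t, h in sources
            if not any(matches(mt, t) and matches(mh, h) for mt, mh in monitors)]

# Constructed inventory; the monitor patterns are rows from the table above.
SOURCES = [("ciscopix", "1.1.1.1"), ("rhlinux", "1.1.1.112"),
           ("rhlinux", "1.1.1.200"), ("rhlinux", "10.31.204.20")]
MONITORS = [("ciscopix", "1.1.1.1"),
            ("*", "1.1.1.[0-9]|1.1.1.11[0-5],10.31.204.20")]
print("not monitored:", unmonitored(SOURCES, MONITORS))
```

An event source that appears in the result would stop sending logs without triggering any notification, so the list is worth reviewing before you click Apply.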

Features

                                   
| Feature | Description |
| Regex | Select the checkbox if you want to use regular expressions. |
| Source Type | The source type of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector service > View > Config view. |
| Source Host | Hostname or IP address of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector device > View > Config view. |
| Time Threshold | The time period after which NetWitness Suite starts sending notifications. |
| Cancel | Closes the dialog without adding the event source, or changes to the event source, to the Event Source Monitoring panel. |
| OK | Adds the event source to the Event Source Monitoring panel. |

Decommission Dialog

                         
| Feature | Description |
| Source Type | The source type of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector device > View > Config view. |
| Source Host | Hostname or IP address of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector service > View > Config view. |
| Cancel | Closes the dialog without applying any event source additions, deletions, or changes to the Decommissioning panel. |
| OK | Applies any event source additions, deletions, or changes to the Decommissioning panel. |