Health and Wellness Settings View - Event Sources

Note: For NetWitness Platform 11.4.1, this view has been deprecated. To manage Event Sources, use the netwitness_adminicon_25x22.png (Admin) > Event Sources view. For details, see "About Event Source Management" in the RSA NetWitness Platform Event Source Management Guide.

The Event Source Monitoring view consists of the Event Source panel, the Add/Edit Source Monitor dialog, the Decommission panel, and the Decommission dialog. You use the view to configure:

  • When to generate notifications for event sources from which the Log Collector is no longer receiving logs.
  • Where to send those notifications.
  • When to decommission a Log Collector when a Remote Collector and the Local Collector fails over to a standby Log Decoder.

The required role to access this view is Manage NW Auditing. To access this view:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Health & Wellness.
  2. Select Settings > Event Source.

What do you want to do?

Role I want to ... Show me how
Administrator

View the functionality of Event Source Monitoring

Monitor Event Sources

Related Topics

Configure Event Source Monitoring

Quick Look

The Event Source tab is displayed.netwitness_11.0esm_monitoring_settings.png

1 Displays Event Source Monitoring Panel
2 Configure Event Source Monitoring Panel to receive notification

Event Source Monitoring Panel

Feature Description
Configure email or distribution list. Opens the Administration > System > Email view so you can adjust the email distribution for the Event Source Monitoring output.
Configure Syslog and SNMP Trap servers. Opens the Administration > System > Auditing view so you can adjust the Syslog and SNMP trap distribution for the Event Source Monitoring output.
netwitness_11.0icon_add.png Displays the Add/Edit Source Monitor dialog in which you add or modify event sources to monitor.
netwitness_11.0icon_delete_sm.png Deletes the selected event sources from monitoring.
netwitness_11.0checkbox.png Selects an event source.
Source Type Displays the source type of the event source.
Source Host Displays the source host of the event source.
Time Threshold Displays the time period after which NetWitness Platform stops sending notifications (Time Threshold).
Apply Applies any additions, deletions, or changes and they become effective immediately.
Cancel Cancels any additions, deletion, or changes.

Decommission Panel

Feature Description
netwitness_11.0-icon-add.png Displays the Decommission dialog in which you add or modify event sources to decommission.
netwitness_11.0_icon_delete_sm.png Deletes the selected event sources from decommissioning.
netwitness_11.0checkbox.png Selects an event source.
Regex Displays options to use regular expressions.
Source Type Displays the source type of the decommissioned event source.
Source Host Displays the source host of the decommissioned event source.
Apply Applies any additions, deletions, or changes, which become effective immediately.
Cancel Cancels any additions, deletions, or changes.

Add/Edit Source Monitor Dialog

netwitness_11.0_add-edit_source_monitor_dialog_514x288.png

In the Add/Edit Source Monitor dialog, you can add or modify the the event sources that you want to monitor. The two parameters that identify an event source are Source Type and Source Host. You can use globbing (pattern matching and wildcard characters) to specify the Source Type and Source Host of event sources as shown in the following example:

Source Type

Source Host
ciscopix 1.1.1.1
* 1.1.1.1
* *
* 1.1.1.1|1.1.1.2
* 1.1.1.[1|2]
* 1.1.1.[123]
* 1.1.1.[0-9]
* 1.1.1.11[0-5]
* 1.1.1.1,1.1.1.2
* 1.1.1.[0-9]|1.1.1.11[0-5]
* 1.1.1.[0-9]|1.1.1.11[0-5],10.31.204.20
* 1.1.1.*
* 1.1.1.[0-9]{1,3}

Features

Feature Description
Regex Select the checkbox to use regular expressions.
Source Type The source type of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector service > View > Config view.
Source Host Hostname or IP address of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector device > View > Config view.
Time Threshold The time period after which NetWitness Platform starts sending notifications.
Cancel Closes the dialog without adding the event source, or changes to the event source, to the Event Source Monitoring panel.
OK Adds the event source to the Event Source Monitoring panel.

Decommission Dialog

netwitness_11.0_decommission_dialog.png

Feature Description
Source Type The source type of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector device > View > Config view.
Source Host Hostname or IP address of the event source. You must use the value that you configured for the event source in the Event Sources tab of the Administration > Services > Log Collector service > View > Config view.
Cancel Closes the dialog without applying any event source additions, deletions, or changes to the Decommissioning panel.
OK Applies any event source additions, deletions, or changes to the Decommissioning panel.