What "Source Type" to use when configuring Event Source Monitoring in RSA Security Analytics.
Which Source Type should I use when configuring Event Source Monitoring in Security Analytics?
How do I know what to enter for the Source Type when setting up Event Source Monitoring in SA?
To monitor a syslog event source, do not enter "syslog" as the Source Type. Enter the name of the event source itself; otherwise you will not receive any notification.
For example, if a SecurID server sends syslog messages to Security Analytics and you want a notification when the SecurID server stops sending messages to Security Analytics (within a specified threshold), you have to use rsaacesrv as the Source Type.
To check the correct Source Type:
From the SA UI, go to Administration --> Devices --> LogDecoder --> View --> Stats --> Log Stats