Log Collection Event Sources TabLog Collection Event Sources Tab

Use the Event Sources tab to configure the AWS (CloudTrail), Check Point, File, ODBC, SDEE, Logstash, SNMP, Syslog, SNMP, VMware, Windows, and Windows Legacy event sources.

To access the Event Sources tab, go to (Admin) > Services > select Log Collection service > View > Config > Event Sources) .

Workflow

This workflow illustrates the basic tasks needed to start collecting events through Log Collection.

What do you want to do?

Role	I want to...	Documentation
Administrator	Perform basic Log Collection implementation.	Basic Implementation
Administrator	Set up a lockbox to maintain lockbox settings.	Set Up a Lockbox
Administrator	Start Log Collection services.	Start Collection Services
Administrator	*Configure Log Collection protocols and event sources.	Configure Collection Protocols and Event Sources
Administrator	Verify that Log Collection is working.	Verify That Log Collection Is Working

*You can perform this task here.

Related TopicsRelated Topics

• Configure AWS (CloudTrail) Event Sources in NetWitness
• Configure Check Point Event Sources in NetWitness
• Configure File Event Sources in NetWitness
• Configure ODBC Event Sources in NetWitness
• Configure SDEE Event Sources in NetWitness
• Configure SNMP Event Sources in NetWitness
• Configure Syslog Event Sources
• Configure VMware Event Sources in NetWitness
• Configure Windows Event Sources in NetWitness
• Configure Logstash Event Sources in NetWitness
• Windows Legacy and NetApp Collection Configuration

Quick Look

The Config view has two drop-down menus:

• The left-most menu lists all of the available collection protocols.

  

• The right-most menu has two choices: Config and Filter.

  

The Config view in the Event sources tab has two panels: Event Categories and Sources.

Note: For details on the Filter menu item, see Configure Event Filters for a Collector.

Event Source Types MenuEvent Source Types Menu

The Log Collector Event Sources tab has a two-box, drop-down menu in which you select the collection protocol and any supporting parameters for that protocol.

In the left box, you select one of the following protocols: Check Point, File, ODBC, Plugins, SDEE, SNMP, SNMP, VMware, Windows, and Windows Legacy.

In the right box, you select:

• Config to configure the generic event source parameters for the type you selected in the left drop-down. All generic Config panels have a toolbar with these options:

  • Add, Edit, and Delete
  • Import (also Import Source, Import DSN)
  • Export (also Export Source, Export DSN)
• For ODBC, SNMP, and Windows only:
  • For ODBC, DSNs to configure
  • For SNMP, SNMP v3 User Manager
  • For Windows, Kerberos Realm Configuration

Selecting an option displays a configuration panel where you configure the collection parameters for the event source. The configuration panels are slightly different for different event sources and are described separately.

Event Categories PanelEvent Categories Panel

Once you select a collection protocol, the Event Categories panel is populated with all of the event sources that you have configured for that collection protocol. For example, the following image shows ODBC event sources that have been configured:

The Event Categories panel provides a way to add or delete event source types.

1	Displays the Available Event Source Types dialog from which you select the event source type for which you want to define parameters.
2	Deletes the selected event source types from the Event Categories panel.
3	Selects event source types.
4	Displays the name of the event source types that you have added.

Sources PanelSources Panel

The Sources panel lists the values of the parameters for the selected event source type. For details, see the individual collection protocol topics.

Below is an example of a list of Check Point event sources. Note that the result set has been limited to sources whose names contain the string checkpoint11.