Log Collection General Tab

This topic introduces features of the service Config view > General tab that relate specifically to Log Collector .

To access the Log Collection General tab:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Services from the NetWitness menu.
  2. Select a Log Collection service.

  3. Click netwitness_ic-actns.png > View > Config.

    The Service Config view is displayed with the Log Collector General tab open.

Workflow

This workflow illustrates the basic tasks needed to start collecting events through Log Collection.

netwitness_lcwf.png

What do you want to do?

Role I want to... Documentation
Administrator

Perform basic Log Collection implementation.

 Basic Implementation
Administrator Set up a lockbox to maintain lockbox settings. Set Up a Lockbox
Administrator Start Log Collection services. Start Collection Services
Administrator Configure Log Collection protocols and event sources. Configure Collection Protocols and Event Sources
Administrator *Verify that Log Collection is working. Verify That Log Collection Is Working

*You can perform this task here.

Related Topics

Quick Look

The NetWitness administrator must configure event sources to send logs to the collectors. When event sources are configured they poll event sources, retrieve logs, and send the event data to NetWitness ).

System Configuration Panel

The System Configuration panel manages service configuration for a NetWitness service. When a service is first added, default values are in effect. You can edit these values to tune performance. Refer to the General tab for a description of these parameters.

netwitness_syscfgpanel.png

1 System Configuration Panel manages service configuration for a NetWitness service.
2 Compression: The minimum number of bytes that must be transmitted per response before compression. A setting of 0 disables compression. The default value is 0.
A change in value is effective immediately for all subsequent connections.
3 Port: The port on which the service listens. The ports are:
  • 50001 for Log Collectors
  • 50002 for Log Decoders
  • 50003 for Brokers
  • 50004 for Decoders
  • 50005 for Concentrators
  • 50007 for other services
4 SSL FIPS Mode: When enabled (on), the security of data transmission is managed by encrypting information and providing authentication with SSL certificates. The default value is off.
5 SSL Port: The NetWitness Core SSL port on which the service listens. The ports are:
  • 56001 for Log Collectors
  • 56002 for Log Decoders
  • 56003 for Brokers
  • 56004 for Decoders
  • 56005 for Concentrators
  • 56007 for other services
6 Stat Update Interval: The number of milliseconds between statistic updates on the system. Lower numbers cause more frequent updates and can slow down other processes. The default value is 1000.
A change in value is effective immediately.
7 Threads: The number of threads in the thread pool to handle incoming requests. A setting of 0 lets the system decide. The default value is 15.
A change takes effect on service restart.

Collector Configuration Panel

The Collector Configuration panel provides a way to enable automatic start of log collection by event source type.

netwitness_lccfgpanel.png

1 Collector Configuration Panel provides a way to enable automatic start of log collection by event source type.
2

Enable All enables the automatic collection for all event types.

Enable All = start receiving events and collecting logs for all event types when the Log Collector service starts.
3

Disable all disables the automatic collection for all event types.

Disable All = (default) do not receive event data for all event types until you explicitly start collection.
4 Start Collection on Service Startup enables automatic start, per event source type, of log collection when the Log Collector service starts. Valid values are:
  • Selected = start collecting logs when the Log Collector service starts.
  • Not selected = (default) do not collect event data until you explicitly start collection.
5 Apply: Click Apply to save the changes to the parameter values.