Provision Local Collectors and Remote Collectors

The NetWitness server verifies if an appliance has a Log Decoder service. If there is a Log Decoder service, it becomes a Local Collector. If a Log Decoder service is missing, it becomes a Remote Collector. A local Log Collector has an Event Destination and by default goes to the Local Log Decoder service. A Remote Collector does not have an Event Destination. The NetWitness Server identifies a Legacy Windows Collector as a Remote Collector.

To edit a Local Collector or Remote Collector:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Services.
  2. Select a Log Collector service.
  3. In the Services view, select netwitness_edit.png in the toolbar.

    The Edit Service dialog is displayed.

    netwitness_editlc.png

  4. In the Edit Service dialog, provide the following information.

    Field Description
    Service Select Log Collector as the service type.
    Host Select a Log Decoder host.
    Name Type name you want to assign to the service.
    Port Default port is 50001 for clear text and 56001 for SSL encrypted.
    SSL Select SSL if you want NetWitness to communicate with the host using SSL. The security of data transmission is managed by encrypting information and providing authentication with SSL certificates.
    (Optional) Username Type the username of the Local Collector.
    (Optional) Password Type the password of the Local Collector.
  5. Click Test Connection to determine if NetWitness connects to the service.
  6. When the result is successful, click Save.​

    If the test is unsuccessful, edit the service information and retry.