Search for Specific Event Sources

In some cases, your Log Collector may contain many pre-configured event sources for a specific collection protocol (for example, File). If so, you can quickly search for one or more event sources by address (IP address or hostname) or by name.

To search for one or more specific event sources:

  1. From the NetWitness menu, go to Admin > Services.
  2. Select a Log Collection service.
  3. Under Actions, select View > Config to display the Log Collection configuration parameter tabs.
  4. Click the Event Sources tab.
  5. In the Event Sources tab, select any collection protocol/Config from the drop-down menu.


  6. In the Filter by Name / Address text field, enter an IP address or hostname and press Enter.

    Event sources that match the information entered into the search box are returned. For example, the image below shows a list of Check Point event sources whose names match the string checkpoint11.

    [Image: Event Sources tab showing filter search results]