How to configure the event processor to stream the data from the remote log collector

3 years ago

Originally Published: 2016-05-05

Article Number

000067439

Applies To

RSA Product Set: RSA Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.4.x,10.5.x,10.6.x
Platform: CentOS
O/S Version: EL6

Issue

How to configure the event processor to stream the data from the remote log collector

Resolution

1) On the source Remote Log collector: navigate to explore, Right-Click on event-processors and select properties.
User-added image

2) Under the Remote Log Collector properties select Add and then paste the text: ### name=GlobalStream type=LogDecoder ### within the parameter section and click Send.
User-added image

3) Navigate to event-processors/GlobalStream/destinations/logdecoder/consumer/processors/tcpconnector/config/connector/channel/tcp.
User-added image

4) On the properties section modify the fields as below -
ssl - Default is false, If you want to use ssl change it to true
port - Default is 514 for tcp, you cahnge it in the range 1-65535
failover_list - Please use the format [{\”address\”:\”<IPADDRESS>\”,\”port\”:<514>, \”ssl\”: <false>}]
address - Default is 10.112.11.19, its the tcp address where data will be sent.

User-added image

5) Finally Right-Click on event-processor/GlobalStream then click properties and select restart under the properties section.
User-added image

6) Now the Source Remote Log Collector is configured to stream events/log to the destination Global RLC.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles