The Log Collection Platform (LCP) is designed to collect, compress, and transmit your log data securely to Symantec MSS. The LCPs are installed on customer-provisioned hardware and thereafter solely managed by Symantec MSS. This allows Symantec to correlate, store, and analyze the data collected from the customer's devices.
Figure 1-1 : MSS Log Collection Platform
1. A technology device (or application), or a mix of devices, detects and logs activity on the network.
2. Event Collectors gather, filter, and aggregate the log data and forward both the raw and processed log data to the Event Agent for transmission to the LCP. In some configurations, an off-box collector and agent may be required.
3. The on-premises LCP receives the log data, which is then compressed for transport and digitally signed as originating from the device in question. The compressed, signed data is sent from the customer's devices to the SOC over a connection secured by the TLS 1.2 protocol using RSA-2048-bit encryption.
4. Log data is stored in a proprietary, read-only system in a completely separated database table space residing in a protected environment within the database infrastructure.
5. The device log files are run through the Symantec MSS STP (SOC Technology Platform) for multilayer post-processing and presented to analysts for incident validation.
6. Self-service MSS Portal Dashboards and Reports are available for customer access.
Table 1-1 : Hardware Requirements (CPU)
  Physical: 4 x Quad-core running at 1.7 GHz or greater, x64 compatible
  Virtual:  16 CPUs

  Physical: 2 x Quad-core running at 1.7 GHz or greater, x64 compatible
  Virtual:  8 CPUs
Confirm that the hardware on which the LCP is to be installed is supported by CentOS 6.10.
Requires a static IP address and fully qualified domain name.
VM performance estimates closely match those of similarly configured physical hardware, with only marginal degradation.
VMTools installation is recommended.
VMware CPU and RAM resource reservation is mandatory. Please refer to the vendor documentation for instructions on how to reserve CPU and RAM resources.
When creating the virtual machine, use the Typical setting, ensure that the disk type is Eager Zeroed Thick Provision, and select LSI Logic Parallel as the SCSI controller.
The above LCP specifications are for estimation and guidance only. After deployment, sizing and scoping the LCP will require a detailed understanding of the amount of log data generated in the environment, combined with the log-processing capacity.
MSS recommends choosing Config A.
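As an added example (not Symantec's tooling), a pre-flight script that checks a candidate host against the requirements above before the ISO is installed; the function names, the LCP_IFCFG path and the CPU thresholds read off Table 1-1 are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Example pre-flight check for an LCP host, added here (not Symantec's tooling).
# Thresholds come from Table 1-1 (8 or 16 CPUs) and the CentOS 6.10, static-IP
# and FQDN requirements; function names and LCP_IFCFG are this example's own.

# Map a CPU count to the Table 1-1 row it satisfies.
lcp_cpu_config() {
  if [ "$1" -ge 16 ]; then echo 16-cpu
  elif [ "$1" -ge 8 ]; then echo 8-cpu
  else echo below-minimum; fi
}

# Return 0 when the release string names CentOS 6.10, the supported OS.
lcp_os_ok() { case "$1" in CentOS*6.10*) return 0 ;; *) return 1 ;; esac; }

# Return 0 when ifcfg text sets BOOTPROTO=static|none and has an IPADDR line.
lcp_static_ip_ok() {
  printf '%s\n' "$1" | grep -Eq '^BOOTPROTO="?(static|none)"?$' || return 1
  printf '%s\n' "$1" | grep -Eq '^IPADDR="?[0-9.]+"?$'
}

# Return 0 for a fully qualified name: two or more valid DNS labels.
lcp_fqdn_ok() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
}

# Run every check on the live host; returns 0 only when all pass.
lcp_preflight() {
  local rc=0 ncpu rel cfg host
  ncpu=$(nproc 2>/dev/null || echo 0)
  rel=$(cat /etc/centos-release 2>/dev/null || echo unknown)
  cfg=$(cat "${LCP_IFCFG:-/etc/sysconfig/network-scripts/ifcfg-eth0}" 2>/dev/null)
  host=$(hostname -f 2>/dev/null || hostname)
  echo "cpu:  $ncpu ($(lcp_cpu_config "$ncpu"))"
  [ "$(lcp_cpu_config "$ncpu")" != below-minimum ] || rc=1
  [ "$(uname -m)" = x86_64 ] && echo "arch: x86_64" || { echo "arch: not x64"; rc=1; }
  lcp_os_ok "$rel" && echo "os:   $rel" || { echo "os:   unsupported ($rel)"; rc=1; }
  lcp_static_ip_ok "$cfg" && echo "ip:   static" || { echo "ip:   not static"; rc=1; }
  lcp_fqdn_ok "$host" && echo "fqdn: $host" || { echo "fqdn: $host is not fully qualified"; rc=1; }
  return "$rc"
}

# Usage: bash lcp-preflight.sh run
case "${1:-}" in run) lcp_preflight ;; esac
```

A non-zero exit means at least one requirement is unmet; fix those before notifying the Onboarding Engineer.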
Table 1-2 : Firewall Requirements
  MSS management access and fault monitoring
  NTP - Network Time Protocol
  RSIP - Remote Secure Import Protocol for log uploading
  Symantec LiveUpdate - Primary
  <Local DNS Server>
LCP Host Installation & MSS Hand-off:
The customer will provide MSS with the public-facing IP address of the machine from which they will download the ISO image.
The Onboarding Engineer will provide the information needed to download the ISO image.
The customer will install the ISO image on the customer-provisioned platform built to the technical requirement specifications above. The LCP Deployment Guide is available here.
Note: The customer will install following the instructions in the installation guide and using the relevant information provided by the Onboarding Engineer.
The customer will then notify the Onboarding Engineer that the installation has been completed and confirm with the team the relevant information for the technology, such as IP address and hostname.
The Onboarding Engineer will kick off the qualification process.
Once the qualification process begins, an MSS Qualification Engineer will harden the box.