Initialize the Symantec WSS Beat

Prerequisites

  • Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.

  • A username and password have been generated in the Symantec WSS portal.

    For more information on generating a username and password, see the Cloud SWG API Authentication documentation.

  • The following port is open:

    Direction   Port   Protocol   Source
    Outbound    443    HTTPS      symantecwssbeat

Initialize the Beat via the Web Console (Recommended)

  1. Ensure that the Open Collector Connection to the SIEM (WebUI) setup has been completed.

  2. Ensure that the System Monitor Agent to which you intend to send these logs has been Configured for JSON Parsing.

     Use either the Enable JSON Parsing on System Monitor Agents or the Enable JSON Parsing for an Existing System Monitor Agent sections at the above link to configure the System Monitor Agent for JSON Parsing.

  3. Follow the steps outlined in Add a Beat in the Web Console to create the Beat via the Web UI.

Initialize the Beat via Command Line (Legacy)

  1. Confirm Open Collector is running:

    ./lrctl status

    You should see the open_collector and metrics versions.

    If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.

  2. In the Open Collector, run the following command to start the beat:

    ./lrctl symantecwssbeat start

  3. Using the arrow keys, select New symantecwssbeat instance from the list and press Enter.

  4. Enter a unique identifier for this symantecwssbeat instance and press Enter.

  5. Enter the previously configured Username for authentication and press Enter.

  6. Enter the previously configured Password for authentication and press Enter.
    The symantecwssbeat service started message appears.

  7. (Optional.) To check the status of the service, run the following command:

    ./lrctl symantecwssbeat status

Default Config Values for Symantec WSS Beat

S.No  Field Name                 Default Values
1     heartbeatinterval          60s
2     heartbeatdisabled          false
3     period                     2s
4     throttlingIntervalSecs     60 (This field value should always be greater than 0.)
5     numbackhoursData           2 (The Symantec WSS Beat supports up to 180 hours of backlog data. The range for this value is 1-180 hours.)
6     next_call_duration_in_min  30 (This field value should always be greater than 0.)
7     symantecwss_url            Cloud domain provided by the user.
8     limit                      1000 (The supported limit range is 1-1000.)
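
A value outside the ranges in the table above can leave the SIEM without WSS logs, so it helps to check overrides before starting the beat. The following pre-flight check is an added example, not part of Open Collector or lrctl. It assumes the settings are available as a flat dictionary, that the interval fields are single-unit duration strings such as 60s, and that symantecwss_url is a full URL; the function name validate is hypothetical.

```python
import re
from urllib.parse import urlparse

# Defaults and ranges copied from the table above; the flat-dict layout is assumed.
DEFAULTS = {
    "heartbeatinterval": "60s", "heartbeatdisabled": False, "period": "2s",
    "throttlingIntervalSecs": 60, "numbackhoursData": 2,
    "next_call_duration_in_min": 30, "limit": 1000,
}
# Inclusive (min, max); None means the page documents no upper bound.
INT_RANGES = {
    "throttlingIntervalSecs": (1, None),
    "numbackhoursData": (1, 180),
    "next_call_duration_in_min": (1, None),
    "limit": (1, 1000),
}
DURATION = re.compile(r"^\d+(ms|s|m|h)$")  # assumed format, e.g. "60s"


def validate(overrides):
    """Return a list of problems for DEFAULTS merged with the operator's overrides."""
    cfg = {**DEFAULTS, **overrides}
    known = set(DEFAULTS) | {"symantecwss_url"}
    problems = [f"unknown field: {k}" for k in cfg if k not in known]
    for key, (low, high) in INT_RANGES.items():
        value = cfg[key]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{key}: expected an integer, got {value!r}")
        elif value < low or (high is not None and value > high):
            bound = f"{low}-{high}" if high is not None else f"greater than {low - 1}"
            problems.append(f"{key}: {value} is outside the documented range ({bound})")
    for key in ("heartbeatinterval", "period"):
        if not DURATION.match(str(cfg[key])):
            problems.append(f"{key}: {cfg[key]!r} is not a duration such as '60s'")
    if not isinstance(cfg["heartbeatdisabled"], bool):
        problems.append("heartbeatdisabled: expected true or false")
    # The prerequisites open only outbound HTTPS on port 443.
    try:
        url = urlparse(str(cfg.get("symantecwss_url", "")))
        ok = url.scheme == "https" and bool(url.hostname) and url.port in (None, 443)
    except ValueError:  # raised by .port for a malformed port
        ok = False
    if not ok:
        problems.append("symantecwss_url: must be an https:// URL on port 443")
    return problems
```

An empty list means every value is within the documented defaults and ranges; each entry otherwise names the field to correct.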