This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Streaming Log View??

jAMESHERBST
Beginner
Beginner

‎2017-02-10 12:08 PM

Is there a way to stream the logs in near real time within Security Analytics?  I've been asked a few times over the past months if there's a view within SA to see the logs coming in that way.  I've been on this product for a long time and I've never seen anything like that....I think the closes way would entail constantly refreshing the Events view.  Does anyone have insight to this or have an operable workaround?

 

Thanks,

 

James

0 Likes
2 REPLIES 2

ChristopherAhea
Beginner
Beginner

‎2017-02-21 09:19 AM

James, 

 

That is not part of the product today.  I am not sure if there are plans to include it at some point down the road.  

0 Likes

ChrisThomas
Frequent Contributor
Frequent Contributor

‎2017-03-12 11:50 PM

While you can't do this in the GUI, you can do this using NwConsole on the command line. Connect to your concentrator:

NwConsole
sdk open nw://user:password@conc_ip:50005

sdk tailLogs

 

[root@RSAANZSCSA ~]# NwConsole

RSA Security Analytics Console 10.6.2.1

Copyright 2001-2017, RSA Security Inc.  All Rights Reserved.

Type "help" for a list of commands or "man" for a list of manual pages.

> sdk open nw://user:password@con_ip:50005

> sdk tailLogs

Sessions 268304417 to 268304417 have meta range 6530821554 to 6530821554

Running in continuous mode...

Mar 13 14:46:02 rsaanzscnet postfix/bounce[10204]: 700E3815B72E: sender non-delivery notification: 72295815B732

Mar 13 2017 03:44:02 RSAANZSCSA CEF:0|RSA|Security Analytics Audit|10.6.2.1|DATA_ACCESS|sdk.session|6|rt=Mar 13 2017 03:44:02 src=10.63.234.24 spt=57060 suser=admin sourceServiceName=CONCENTRATOR deviceExternalId=66bd07b7-f046-4329-8c68-d4c2b6bd7eda deviceProcessName=NwConcentrator outcome=pending msg=has requested SDK session info

Mar 13 2017 03:44:02 RSAANZSCSA CEF:0|RSA|Security Analytics Audit|10.6.2.1|DATA_ACCESS|sdk.info|6|rt=Mar 13 2017 03:44:02 src=10.63.234.24 spt=57060 suser=admin sourceServiceName=CONCENTRATOR deviceExternalId=66bd07b7-f046-4329-8c68-d4c2b6bd7eda deviceProcessName=NwConcentrator outcome=pending msg=has requested the SDK summary info

 

you can do some filtering also, for example

sdk tailLogs where "device.type='cacheflowelff'"

 

CLI: SDK Content Command Examples 

© 2022 RSA Security LLC or its affiliates. All rights reserved.