In the following video we go through the steps to configure the RSA NetWitness Endpoint Agent (Insight mode) to collect a custom flat file from a Windows server. This would allow us to replace the RSA SFTP Agent: instead of transferring the data to our SIEM over SFTP, we will use the Insight Agent to process the flat file and send it to our SIEM over Syslog.
Notes from the video
Location of filetypespec on Node0: /var/netwitness/source-server/content/collection/file
Steps
1. Generate and install the 11.4 agent on a Windows machine
2. Create a custom typespec file from an existing file in: /var/netwitness/source-server/content/collection/file
3. Set <defaults> (the default log location and extension; these can be edited later in the UI)
4. Run: systemctl restart rsa-nw-source-server
5. In the UI, create a "Flat File Logs" policy
6. Update Groups to add the "Flat File Logs" policy
7. Publish
8. Monitor/Validate
9. Set up sample logs for processing
Reference
- Josh Randall Blog Post: https://community.rsa.com/community/products/netwitness/blog/2020/03/30/custom-flat-file-log-collection-with-nw-endpoint-114
- Agent Details Executable: Hosted on above blog post link
- template.xml: Hosted on above blog post link