2017-11-21 06:03 AM
We are collecting logs from AD and we cannot see any useful information, like user accounts, logons or logoffs. As you can see in the picture, the result of the log doesn't give much information. What can I do to receive important data like the one I mentioned?
2017-11-21 10:22 AM
Hi j2iBRTJCUKR3JAh2yPVOkmdUKjcLBNaD4eYHhgvfjBM=,
I have moved this thread to the RSA NetWitness Suite page so that you can get an answer to your question.
Thanks,
Yasmine
2017-11-21 11:06 AM
Can you paste the raw event for that message (not the metadata)?
It looks like the parsing has matched the header but not the payload (word meta indicates that). There could be a couple of reasons for that but seeing the raw data will help to determine why.
2017-11-21 11:44 AM
Yes, that was what I was looking for (ideally it would be pasted as text so it could be tested in another tool to verify).
Looks like something is truncating your logs in some form or not gathering the relevant data to parse out.
How are you capturing these logs? Are there other Windows logs that look the same as this, or do others have more details?