This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Audit Logging Issues Netwitness

ShishirKumar1
Beginner
Beginner

‎2018-08-08 08:34 AM

I am facing a strange issue with netwitness. I can see the audit logs from a particular hybrid coming in as a event source with the IP of the hybrid and this is again being parsed as different log sources.

 

I see no global audit configuration in my SA and no log forwarding set on the log decoder. How do I disable this ? I do not need the audit logs coming in as events and consuming extra EPS as I can easily search for audit logs in the log view of my appliance.

 

Any hints of what else I should check?

0 Likes
1 REPLY 1

EricPartington
Employee
Employee

‎2018-08-08 08:26 PM

check the rsyslog configuration of the source system /etc/rsyslog.d/ and look for any confgurations in there that point to your destination system. also check for /etc/rsyslog.nw.conf in case someone has configured syslog forwarding from the admin>System > host tasks button

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.