This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Device Down

Go to solution
Anonymous
Not applicable

‎2013-06-08 01:41 AM

Has anyone been successful in finding a way to mimic the Device Down functionality from enVision in SA?  I'm looking for something as simple a way to query when a particular device (IP or hostname) last sent logs.  Maybe some alerting can be handled once this timestamp is found to trespass some threshold.

11 REPLIES 11

Go to solution
Anonymous
Not applicable

‎2014-03-21 10:23 AM

I managed to send an alert (administration/system/monitoring/event source) if a source does not receives log after threshold. The problem is that it sends an alert email in every minutes so it is hardly usable. Is there any way to suppress these alerts? Or is there any way to use these log stats in a rule?

0 Likes

Go to solution
huanzhou1
Beginner
Beginner
In response to Anonymous

‎2014-03-24 03:23 AM

i'm opening case to check out. syslog also same.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.