This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Does anyone have proper document for integration 0f 2003 or early event source using window legacy collector

Anonymous
Not applicable

‎2014-03-05 10:14 AM

The document i got from RSA knowledgebase does not have any instruction for the integration of window server 2008 after installing window legacy collector.

0 Likes
14 REPLIES 14

RSAAdmin
Beginner
Beginner

‎2014-03-05 10:29 AM

Have you tried sadocs?

 

link

 

The configuration for the Windows event sources are the same as enVision - you can find the guide for this on SCOL.

 

Hope this helps.

0 Likes

RSAAdmin
Beginner
Beginner
In response to RSAAdmin

‎2014-03-05 10:29 AM

Read your question again - can't you use WinRM for W2k8 servers?

0 Likes

Anonymous
Not applicable
In response to RSAAdmin

‎2014-03-05 12:15 PM

We have already tried to use winRm for win2008 but using this sa is collecting only 2008 server logs, we are not getting any log from window 2003 that have to collect using window legacy collector.

 

 

Sent from Samsung Mobilepatrickbayle <emc-community-network@emc.com> wrote:ECN

 

Does anyone have proper document for integration 0f 2003 or early event source using window legacy collector

reply from patrickbayle in RSA Security Analytics - View the full discussion

 

Read your question again - can't you use WinRM for W2k8 servers?

Reply to this message by replying to this email, or go to the message on ECN

Start a new discussion in RSA Security Analytics by email or at ECN

Following Does anyone have proper document for integration 0f 2003 or early event source using window legacy collector in these streams: Inbox

0 Likes

Anonymous
Not applicable
In response to Anonymous

‎2014-03-05 02:21 PM

 

Taken from "RSASecurityAnalytics_v10.3_Legacy_Windows_Collection_Installation_Instructions.pdf" document in RSA Security Analytics Event Source Configurations section of SCOL:

"

The Security Analytics (SA) 10.3 Log Collector introduces Windows Legacy collection.  With this feature, you can

collect event data from:

• Windows 2003 and earlier event sources

"

 

Good luck,

Fernando Allendes.

0 Likes

huanzhou1
Beginner
Beginner

‎2014-03-08 09:05 AM

can share you configuration of the windows legacy collector?

0 Likes

Anonymous
Not applicable
In response to huanzhou1

‎2014-03-08 09:15 AM

Hi patriot,

 

Thanks for you response. Now,problem is solved. 

Can you please inbox me your mail-id?

 

Sent from Samsung Mobile

0 Likes

huanzhou1
Beginner
Beginner
In response to Anonymous

‎2014-03-08 09:21 AM

good, already sent you. sorry was busy recently, didn't check the community very often.

0 Likes

AdamRasnick
Beginner
Beginner

‎2014-03-10 03:15 PM

This might help a few...see attached.

Preview file
1518 KB
0 Likes

Anonymous
Not applicable
In response to AdamRasnick

‎2014-03-11 12:19 AM

Hi All,

 

Thanks for your response, i have followed all these documents but none have any instruction after the installation of window legacy collector. means how we have to add that window 2008 server in SA on which window legacy collector is installed.

well now i have integrated window 2003 but i am able to add only one channel logs at a time, i try to select all the channels but its not possible in one source addition(please refer attached screen shot) should i add same source two or three times for the logs of all channels? is this correct way to add all channel logs or have to do any other configuration?

Preview file
163 KB
Preview file
130 KB
© 2022 RSA Security LLC or its affiliates. All rights reserved.