This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Find all log devices sending content

RSAAdmin
Beginner
Beginner

‎2014-06-23 10:04 AM

All,

 

SA newb here.  Our current deployment uses a syslog aggregator that send all logs from the aggregator to SA.   I'd like to generate a report that shows all the devices that have ever sent logs to SA - -however, the way I tried to do this only showed the aggregator as the source.  Is there a way for me to generate this report that shows the originating IP/asset and not the aggregator?

 

Thanks,

 

Favabean

0 Likes
2 REPLIES 2

huanzhou1
Beginner
Beginner

‎2014-06-24 02:23 AM

which log forwarder you using? did you check on the log decoder - stats?

0 Likes

RSAAdmin
Beginner
Beginner

‎2014-06-24 05:11 AM

Hi,

Check out this thread How to override "device.ip" meta with the right one?

Hope it helps

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.