This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Log Collection from Servers

Issac08
Beginner
Beginner

‎2018-01-04 11:03 AM

Hi Team,

 

 How can we ensure that logs are coming all servers to log collector ,is there any way to find the status .Kindly suggest.

Labels:
0 Likes
3 REPLIES 3

EricPartington
Employee
Employee

‎2018-01-04 11:36 AM

that is what Event Sources > Monitoring policies is to be used for.  THere is automatic monitoring settings where devices are baselined day over day and week over week to detect deviations of more than the std deviation defined in the config.

 

a server could be busy during the week day and then send no logs during weekend... a static policy of more or less than x events per period would alert constantly on the weekend... that was what the auto monitor policy was designed for.

 

have you looked into those functions?

0 Likes

Issac08
Beginner
Beginner
In response to EricPartington

‎2018-01-04 11:48 AM

No Eric ,it is possible to generate any health report or SA creates any alerts 

0 Likes

EricPartington
Employee
Employee
In response to Issac08

‎2018-01-04 12:19 PM

policy will create alerts for devices that you assign high and low watermarks.  those can be send via your standard notification templates for email, syslog etc.

you can also use ESA with the template alert to notify when a device(s) have not sent events for a period of time and that also has alerting options or ability to roll up into IM/Respond interface.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.