This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Need to determine what logs I am not ingesting.....Help

Anonymous
Not applicable

‎2014-06-11 09:43 AM

Good Morning,

We have about 1600 windows servers in multiple domains with the snare client sending to a central syslog server that forwards to one of our log hybrids.  I am only seeing around 700 servers getting to the log hybrid.  I need to determine which servers are not getting through the firewalls.  Is there a way to run a report of DNS names getting to the log hybrid?  If I had the domains that are being ingested I could determine which domains are not getting through.

Thanks for any help,

John

0 Likes
3 REPLIES 3

huanzhou1
Beginner
Beginner

‎2014-06-11 11:23 AM

select device.name.

can you monitor the device ips from logdecoder-stats.

Anonymous
Not applicable
In response to huanzhou1

‎2014-06-12 10:47 AM

Thanks.

 

How can I run a report to list all IP's?

 

John

0 Likes

huanzhou1
Beginner
Beginner
In response to Anonymous

‎2014-06-12 11:17 PM

yes, you can. select device.ip, don't put any limit.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.