This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

One Event Source Error - Windows Legacy

Go to solution
Anonymous
Not applicable

‎2015-11-10 12:31 AM

Dear All,


Below is the error message which I am getting after integrating of the machine on Windows Legacy in RSA SA.

So after every attempt of integrating this new event source, I could see only one log in investigation and then it get stoppped after a while and the same below error message start coming if I check under Windows Legacy logs.

 

"[windows.EAIL.WVM****************] [starting] Collection state not found, normal for first collection attempt from an event source: c:\NetWitness\ng\logcollector\runtime\/windowslegacy/eventsources/windows.EAIL.WVM*************.xml: cannot open file"


Does anyone have any idea regarding this to get this resolved at the earliest. Thanks in advance.

 

Regards,

Deepanshu Sood.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Anonymous
Not applicable
In response to AdamRasnick

‎2015-11-18 11:19 PM

Hi Rasnick,

 

 

 

I believe I am so close to solve that issue, I noticed on the event source itself that event logging service getting crashed after generating one single event.

 

So that’s why SA is unable to collect the logs.

 

 

 

Will check with the Windows team on this.

 

 

 

Thanks for your response.

 

 

 

Thanks,

 

Deepanshu Sood | Technical Consultant

View solution in original post

0 Likes
2 REPLIES 2

Go to solution
AdamRasnick
Beginner
Beginner

‎2015-11-17 09:01 AM

I have seen this one before.

 

What is the Windows event source?  Version? 

 

Also, can you send a screen shot of your SA configuration for that event source?

0 Likes

Go to solution
Anonymous
Not applicable
In response to AdamRasnick

‎2015-11-18 11:19 PM

Hi Rasnick,

 

 

 

I believe I am so close to solve that issue, I noticed on the event source itself that event logging service getting crashed after generating one single event.

 

So that’s why SA is unable to collect the logs.

 

 

 

Will check with the Windows team on this.

 

 

 

Thanks for your response.

 

 

 

Thanks,

 

Deepanshu Sood | Technical Consultant

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.