This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

RSA Netwitness Logs&packets log-hybrid

AbdulrhmanM
Beginner
Beginner

‎2018-10-10 02:42 AM

Hi, I have a question regarding how log hybrid collects logs. Is there any kind of agent on each server? and those agents send logs to the log hybrid? or all servers are connected to an aggregation switch, which is connected to the log hybrid? or maybe neither of these? 

 

Thanks

0 Likes
7 REPLIES 7

MohammedMustafa
Frequent Contributor Frequent Contributor
Frequent Contributor

‎2018-10-10 09:22 AM

Hi Abdul,

 

Log Hybrid (Physical or Virtual) is a device that has log decoder, log collector & Concentrator service running on a single host.

So the log collection on log-hybrid is similar to the log collection that happens on a Log decoder hosted on a separate device.

Hope it helps.

Thanks
Mohammed Mustafa

Anonymous
Not applicable

‎2018-10-10 03:09 PM

Hi Abdulrhman,

 

There are many ways to collect logs in NetWitness.  We accept logs via syslog, odbc, files, plugins, and many others.  Some require agents to push to us such as SFTPing files or our Endpoint Agent to send us Windows logs.  Others we pull from the sources such as WinRM, and ODBC.  Still others, such as syslog, are send directly from a source to NetWitness.

 

You can see how to collect logs from our supported event source types in the guides on this page.

 

https://community.rsa.com/community/products/netwitness/parser-network/event-sources 

AbdulrhmanM
Beginner
Beginner

‎2018-10-11 03:45 AM

Thank you guys, that was helpful.

 

About log collector, what does it do? if we have a decoder that ingests raw data and applies parsers, and concentrator indexes data, what is the purpose of log collector? I don't see it mentioned in RSA Netwitness documentations.

Another thing about the system, is SA a host by its self? or a part of another host? what does it exactly do? does it differ from ESA?  

Thank you again, I'm new to all of this, so you might want to excuse me

0 Likes

RichardAraujo1
Beginner
Beginner

‎2019-03-27 10:00 AM

Olá a todos Preciso de ajuda sobre netwitness: Log usando estrutura híbrida, é possível usar dois servidores híbridos em ambiente diferente?

0 Likes

RichardAraujo1
Beginner
Beginner
In response to RichardAraujo1

‎2019-03-27 10:05 AM

I need help about netwitness :Log's using hybrid structure, its possible to use two hybrid servers in different enviroment?

0 Likes

RichardAraujo1
Beginner
Beginner

‎2019-03-27 10:06 AM

I need help about netwitness :Log's using hybrid structure, its possible to use two hybrid servers in different enviroment?

0 Likes
li.common.scroll-to.top
© 2022 RSA Security LLC or its affiliates. All rights reserved.