This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Snare Detecting As A Ciscorouter parser

Go to solution
DeepanshuSood1
Beginner
Beginner

‎2016-03-02 04:59 AM

Hi,

 

I had integrated almost 10 windows machines from snare method, but when I check the logs from those machines then all the logs from the windows machines are detecting as under "ciscorouter".

 

I had opened a case regarding the same with RSA CS, so as per them they are saying that our engineering team is working on the same to fix is for you.

 

But here the problem, the customer can't live with this kind of issue for too long time.

 

So is there any one who had faced the same issue and resolved it too.

 

Kindly advise.

 

Regards,

Deepanshu Sood.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
DeepanshuSood1
Beginner
Beginner
In response to DavidWaugh1

‎2016-03-03 01:17 AM

HI David,

 

My issue get solved now and almost 80% of the logs are going under the right parser, i.e., winevent_snare.

I followed one solution available on the knowledge base, applied the same and the issue get resolved.

Thanks for your suggestion.

 

Regards,

Deepanshu Sood.

View solution in original post

5 REPLIES 5

Go to solution
DavidWaugh1
Employee
Employee

‎2016-03-02 11:42 AM

Hi can you paste some anonymised log samples so that we can take a look.

0 Likes

Go to solution
DeepanshuSood1
Beginner
Beginner
In response to DavidWaugh1

‎2016-03-03 01:17 AM

HI David,

 

My issue get solved now and almost 80% of the logs are going under the right parser, i.e., winevent_snare.

I followed one solution available on the knowledge base, applied the same and the issue get resolved.

Thanks for your suggestion.

 

Regards,

Deepanshu Sood.

Go to solution
jeffshurtliff
Administrator Administrator
Administrator
In response to DeepanshuSood1

‎2016-03-03 01:27 AM

Hi Deepanshu,

 

I'm glad to hear your issue was fixed.  Do you happen to remember which knowledge base article resolved your issue?

 

Thanks,

Jeff

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.