2017-03-02 11:29 PM
Hello,
I would like certain logs not to be captured in the log collector, as I can see a lot of unnecessary logs being captured in investigation. Is there any way we can filter out or ignore such logs so they are not logged in SA?
2017-03-02 11:54 PM
Have a look at the URL below, which mentions the event filter at the log collection layer. Hope this helps. Though it talks only about event ID or logging level filters, this should help you in some cases if you know what logs to filter.
https://community.rsa.com/docs/DOC-63396
Currently it works with the filters below:
For Syslog:
For other collection methods: Event ID (EventID)
2017-03-03 12:21 AM
Thanks, Shah.
But the SA version I am currently using is 10.6.
So I can't find the matching steps as shown in the link. It would be appreciated if you could get me the appropriate version.
Thanks in advance.