This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

UDS Requirement

Go to solution
Anonymous
Not applicable

‎2014-01-10 03:32 AM

We need to add the unsupported device to SA, what are the requirements to add the device to start collection of logs.

The device is of Avaya Switch.

 

What the changes need to do on the device type or what the changes need to do the changes and settings on the Security Analytic side.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Anonymous
Not applicable

‎2014-01-22 04:42 AM

Download Envision EventSource Integrator and create a custom parser.

View solution in original post

0 Likes
3 REPLIES 3

Go to solution
huanzhou1
Beginner
Beginner

‎2014-01-10 10:20 AM

any log sample? syslog? or something else? may need to create parser yourself.

0 Likes

Go to solution
Anonymous
Not applicable

‎2014-01-10 03:01 PM

patriot is correct.  You are going to need to create a parser and added to to /etc/netwitness/ng/envision/etc/devices/* on the log decoder.  You will also need to create a .ini and .xml for the log messages. 

 

Do you happen to becoming from enVision with that UDS already in there?  Most of the files are very similar in nature for the logs still, though I believe they are planning to move to lua for logs aswell. 

0 Likes

Go to solution
Anonymous
Not applicable

‎2014-01-22 04:42 AM

Download Envision EventSource Integrator and create a custom parser.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.