This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Unknown device type

JamesWilliams1
Beginner
Beginner

‎2020-06-24 07:33 AM

All,

  New user question.   I am using nxlog to send windows event logs to netwitness.  I see that the data is being sent.

I am not sure about the difference between the local collector and the decoder.   I am sending data on port 514.  The Decoder sees the input.   The device type is always unknown.   I have no parser configured.  I do not see a parser for windows event logs.  I am on Netwitness 10.6.   I tried many different ways to send the data via nxlog, with no success.  What is needed to have my log files identified?   Is there a parser the decoder should use on windows event logs?

Jim

0 Likes
2 REPLIES 2

KarimBenzina
Employee
Employee

‎2020-06-24 07:41 AM

Is the winevent_snare parser enabled in the log decoder config page? In admin>service>logdeocder>config

0 Likes

JamesWilliams1
Beginner
Beginner
In response to KarimBenzina

‎2020-06-24 10:28 AM

I have added the winevent_snare parser.  It works now - ty.

© 2022 RSA Security LLC or its affiliates. All rights reserved.