What is the command to see how much your drives are filled up in the
volume? For example, we have 7 SSDs in our Log Concentrator and we just
expanded to another DAC by extending the LVM
/var/netwitness/concentrator/index volume. I'd like to know if t...

What are the recommended Meta Open Files settings for Concentrator in a
VERY HIGH volume environment? I notice it is by default set to 100 but
is increasing to 512 a bad thing as long as you have the memory? We have
96G in the appliance. Session Thres...

Anyone having issues with SCP'ing files into File Reader / Flat File
drop zones? I imported the public key properly into the sftp account's
authorized_keys files because SFTP is working. Scenario 1 (SFTP) -
WORKING sftp -o IdentityFile=~./ssh/id_rsa s...

Is there any way to have alias.host populate for various devices during
collection without using a custom feed that one needs to maintain? This
seems like a lot of work to maintain a DNS mapping when Security
Analytics should be doing this as ingest/...

Thanks -- I'm concerned that the data might get altered a bit with
"envision-like headers" e.g. %APP-4: etc.. and that might throw off
parsers but I'll test it. Good to know that it can at least get
delivered out and not specific to targeting Securit...

Check the logs to see if you had a warning/error loading the parser when
you pushed it. The first version I uploaded didn't load properly because
it did not have a variable declared before using it (script error). I
had to add the following line righ...

Sean, How has this worked for you? We are thinking to turn this on for
our syslog event sources because our users need raw searching and in
10.3 you can then go into Events tab and search through raw logs of any
device type using: msg contains 'blah'...

This is an SCP issue and it's been identified as missing and will be
remediated by RSA I believe in future releases. The SFTP works just fine
for us right now. Naushad A Kasu | Security Insight | 952.512.7930 |
UHG, 400 South Hwy 169, St. Louis Park, ...