The last time that ESI was updated was in 2012. I was wondering if ESI
will be modified to fully function with Security Analytics. Or are there
any other tools that can be used to build XML based log parsers?
Unlike enVision 4.x, the SA 10.x environment lacks the ability to
programmatically call a program when a specific alert has been
generated. In a DB monitoring scenario, it is already known via alert
that an item will require further review. Based on ...
Unlike enVision 4.x, Security Analytics lacks the ability to create
advanced correlated alerts in the base product; although I've heard that
this will be available with the Data Warehousing engine (CEP). An
advanced correlated alert is a combination of...
All, Most of the posts on this forum are Packet Centric, I'm posting this
to help others on the Log Data side that are trying to get REST apps to
work. I ran this in a cygwin environment but this should work well in any
UNIX environment too.
#!/usr/bin/...
All, Most of the examples and guidance provided on this forum are Packet
centric. So, in an attempt to share some of the things that I have been
able to get working, I'm going to share some Perl source code.
#!/usr/bin/perl
use Time::ParseDate qw(parse...
I'm not talking packets. I'm specifically talking logs and yes the system
took overnight to catch up. And if you look at the concentrator through
the config view you will see a huge backlog of meta that the
concentrator must catch up on. So, not sure w...
Yes, 10.3 Indexing is way different and on the log side the reindexing
will take days on a large deployment. Even in Development the system
took overnight to catch up after reindexing. I'm concerned about my
production environment where there is far...
Hi Patriot, I even tried this with existing XML parsers with sample logs.
All the log messages were parsed on the header and message side. Once I
try and run the Event Analysis Report, the Report completes but I get
the following error for the messag...
Ok. Quick Update here. I updated ESI with the latest event source update
and although I can properly parse messages with my parser I get the
following error message. "Report is not generated because the message
definition contains tags unsupported by...