Fresh install, and tested sending syslog from the core appliances. I was
able to successfully stop syslog on all the appliances but the log
hybrid. I orig set syslog collection from the Appliance Task module. So
I went back there to stop it, using "h...
So just recently, we upgraded to 10.3.1. Unaware of a new indexing
process from here on after the upgrade, we noticed our concentrators did
not come back up immediately. We have a log hybrid and a packet hybrid,
both with 22TB DACs attached and both ...
Hey all, I am working with a customer who have a fairly large deployment
and we are setting up filters for multiple interfaces on the
device...but I am beginning to think its not possible. For example, we
started off just applying a BPF filter...but ...
Has anyone else had a problem recreating pictures or websites inside the
investigator module for 10.2 SP2? I have been working on this for 2
weeks now and have not been able to figure out why we are not able to
recreate any of the websites or picture...
We have installed SA for Logs and Packets in the environment, and
updated to 10.2 SP2. Logs and packets are both being ingested and
viewable in Investigator. Problem, when running a report through the
reporting engine, it never finishes. Even the sim...
I have seen this one before. What is the Windows event source? Version?
Also, can you send a screen shot of your SA configuration for that event
source?
Also note that you can only have one key in the SELECT clause, and then
you should be able to make a chart out of it and finally a dashlet. Once
you have created the chart, test it. You should be able to produce data.
Once you can produce the data yo...
You need to set your Live credentials again...they are not set in the
SA.REPO file. You can set them from the GUI when you go to the LIVE
settings and re-enter your credentials and click test (successful
hopefully) and then apply. This will append yo...
I have actually looked into this for a customer, and was able to find
what was actually logged from that source which turned out to not be
valuable to the customer. I am not exactly sure how we would grab those
logs because I think its a flat file th...
It is DEF a puppet issue. Strangely enough, I JUST had the same problem
on an ESA that I recently re-added back to the architecture after a
rebuild. I had to "REMOVE AND REPURPOSE" the appliane, which allowed me
to relicense the appliance and then af...
