I am trying to use curl to pull data from our concentrator. It doesn't
seem to want to work with curl. I am also not sure if I have the proper
syntax. It works fine by manually going to the site at
http://x.x.x.x:50105/sdk/packets. The query I am try...
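
One way to issue that request from a shell, as an added example that is not from the original post or from RSA NetWitness documentation. It assumes the concentrator's REST service accepts HTTP basic auth and takes the filter as query-string parameters; the parameter names `where` and `render` are placeholders to check against your own appliance, and the where clause in the comment is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: pull packet data from a NetWitness
# concentrator's REST service with curl. Assumptions not stated in the post:
# the service accepts HTTP basic auth, the filter goes in the query string, and
# the parameter names "where" and "render" are placeholders to verify against
# your own concentrator.
NW_HOST="${NW_HOST:-x.x.x.x}"
NW_PORT="${NW_PORT:-50105}"
NW_USER="${NW_USER:-admin}"

# nw_packets WHERE OUTFILE
# Fetches packets matching WHERE into OUTFILE. With DRY_RUN=1 it prints the
# curl argument list, one argument per line, instead of running it.
#
# Two things the browser does for you that a shell does not:
#  - percent-encoding: '-G --data-urlencode' makes curl encode spaces, '&',
#    '=' and quotes inside the where clause, so they reach the server intact
#    instead of being split by the shell or by the HTTP query parser;
#  - credentials: '-u user' with no ':password' makes curl prompt for it,
#    keeping the password out of shell history and out of 'ps' output.
nw_packets() {
    where="$1"
    outfile="$2"
    set -- curl -sS -G -u "$NW_USER" \
        --data-urlencode "where=$where" \
        --data-urlencode "render=pcap" \
        -o "$outfile" \
        "http://$NW_HOST:$NW_PORT/sdk/packets"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        "$@"
    fi
}

# Example call (constructed where clause; adjust to your own meta keys):
# DRY_RUN=1 nw_packets 'ip.src=10.0.0.5 && service=80' session.pcap
```

Run it once with `DRY_RUN=1` to see exactly what curl will send; if the real call still fails, add `-v` to the argument list to see whether the server rejects the credentials or the query itself.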
I downloaded the logs from RSA NetWitness, used the ESI tool to attempt to
create parsers for the logs, then uploaded them following the proper
directions. They refuse to get parsed properly. The security
intelligence logs and the AMP alert/retrospectiv...
The only message I added a tag for is security intelligence. This one
required multiple headers in order to grab them all. So basically, as it
sends the syslog message to NW, it adds the word SecurityIntelligence so I
know what to look for. Snort sigs w...
A quick tip for creating these: make sure your user profile is set up to
export the log files as logs and not CSV. This will help when it comes
to creating the parsers with ESI. Also, if you are sending syslog
messages for security intelligence events ...