Article Content
Article Number | 000038130 |
Applies To | RSA Product Set: NetWitness Platform RSA Product/Service Type: Core Appliance RSA Version/Condition: 11.2.0.0 Platform: CentOS O/S Version: 7 |
Issue | When ODBC event source configured and test connection successful with How to test an ODBC connection from a Log Collector in RSA Security Analytics/NetWitness Platform, The logs show odbc events being published as below. /var/log/messages:
However, Investigate->Navigate with device.ip=<EventSourceIP> query, shows no events. |
Tasks | Logs must be coming to Investigate->Navigate page with multiple ip details in device.ip. But, not with original device.ip. |
Resolution | Follow the below steps to get Original event source ip in device.ip meta key.
|