000026979 - How to download raw logs from an RSA Security Analytics Log Decoder and automate the process using REST API

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000026979

Applies To:
  • RSA Security Analytics
  • RSA NetWitness NextGen
  • RSA Security Analytics Log Decoder
  • REST API

Issue:
How to download raw logs from an RSA Security Analytics Log Decoder and automate the process using REST API.
How do I download raw logs from a log decoder?

Resolution:

Raw logs can be downloaded from a log decoder using the REST interface following the steps below:


  1. Open a web browser and enter the following URL:  http://<LOG_DECODER_IP>:50102/sdk/packets
  2. Enter the starting and ending time ranges.
  3. Click on the radio button labeled Logs and click the Submit button.

The process may also be automated with a script using the curl command, as shown:

    curl -uadmin "http://<LOG_DECODER_IP>:50102/sdk/packets?render=logs&time1=<START_TIME>&time2=<END_TIME>"


NOTE:  The result comes back as a raw log and will need to be decoded accordingly.
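
A scripted form of the curl call above, as an added example that is not part of the RSA article: `-uadmin` prompts for the password, so for unattended runs this sketch reads the credentials from a netrc file instead of putting them on the command line, and it percent-encodes the time values. The function names, file paths and sample time strings are assumptions; the article does not state the time format.

```shell
#!/bin/sh
# Added example, not from the RSA article. Function names and file paths are hypothetical.
LC_ALL=C; export LC_ALL

# Percent-encode a value so spaces and colons in a time string survive the query string.
urlencode() {
    s=$1; out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}    # first character of $s
        s=${s#?}           # rest of $s
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

# Build the article's /sdk/packets URL. $1 = Log Decoder IP, $2 = start, $3 = end.
build_packets_url() {
    printf 'http://%s:50102/sdk/packets?render=logs&time1=%s&time2=%s' \
        "$1" "$(urlencode "$2")" "$(urlencode "$3")"
}

# Download one time window. $4 = output file, $5 = netrc file (mode 600) holding
# "machine <LOG_DECODER_IP> login admin password <PASSWORD>".
fetch_raw_logs() {
    url=$(build_packets_url "$1" "$2" "$3") || return 1
    (
        umask 077    # raw logs can contain sensitive data: owner-only output file
        curl --fail --silent --show-error --netrc-file "$5" --output "$4" "$url"
    )
}

# Usage (time strings are constructed samples; use the format your decoder expects):
# fetch_raw_logs 192.0.2.10 '2016-06-14 00:00:00' '2016-06-14 01:00:00' \
#     /var/tmp/raw_logs.out "$HOME/.netrc-logdecoder"
```

The URL uses plain HTTP exactly as the article gives it, so the credentials and the returned logs cross the network unencrypted unless the path between the script host and the Log Decoder is otherwise protected.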

Notes
Legacy Article ID: a64692