000026508 - What to do if log messages are classified as an unknown device type in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5

Article Content

Article Number: 000026508
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Log Decoder, Log Collector
Issue: What to do if log messages are classified as an unknown device type in RSA Security Analytics.
Resolution

Log messages are classified as unknown in the device.type meta key if they are not understood by RSA Security Analytics. The reasons for this could be:


 


If the device is supported but messages are being classified as unknown then please open a support case with the following information:


  • The name and manufacturer of the device.
  • The version of the device.
  • Examples of log messages that are classified as unknown when imported. (You can export these from Security Analytics by going to the Investigator view -> searching for unknown logs -> selecting the logs, and then using Action -> Export Logs as text format.)
Legacy Article ID: a68029
