000032251 - How to extract raw logs from an Archiver appliance in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5

Article Content

Article Number: 000032251
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Archiver
RSA Version/Condition: 10.4.x, 10.5.x
Platform: CentOS
O/S Version: EL6
Tasks: This article addresses how to extract raw logs from an Archiver appliance.
Resolution: There are two options to extract raw logs from the Archiver.
  • Using Broker investigation from the Security Analytics UI.
  • Using the attached saget.py script from the CLI.
Refer to the attached PDF for the process.
