000029347 - How to download raw logs from the Archiver in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Sep 6, 2019.
Version 5

Article Content

Article Number: 000029347
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Archiver
RSA Version/Condition: 10.4, 10.5, 10.6
Issue: This article describes how to download raw logs from a Security Analytics Archiver and provides a sample for doing so against a specific time range.
  1. Connect to the Archiver REST API using the following address:

http://{archiver hostname or ip}:50108/sdk/packets

  2. Enter an administrator username and password when prompted.
  3. A screen similar to the one shown below appears. You can enter selection criteria, such as a time range and device type:

User-added image

  4. To download raw logs for a specific device, insert device.type=<device name> as in the example above.
  5. Optionally, you can specify a time range, where the time format is YYYY-MMM-DD HH:MM:SS in UTC. For example, "2019-Sep-20 11:19:00" in UTC.
  6. Select the extract format type.
  7. Click Submit when done.
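The time range must be entered in UTC in the YYYY-MMM-DD HH:MM:SS format, while incident timelines are usually recorded with a local offset. The following added example (not part of the original RSA article) converts an ISO 8601 window into the values to type into the form. The function names, the sample device type `winevent_nic`, and the allowed character set for device names are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# English month abbreviations are hard-coded: strftime("%b") follows the
# process locale and may not produce the names the article's format uses.
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
# Assumption: device type names contain only these characters.
DEVICE_RE = re.compile(r"[A-Za-z0-9_]+")


def parse_utc(iso_ts):
    """Parse an ISO 8601 timestamp that carries a UTC offset; return it in UTC."""
    if iso_ts.endswith("Z"):  # fromisoformat() rejects 'Z' before Python 3.11
        iso_ts = iso_ts[:-1] + "+00:00"
    dt = datetime.fromisoformat(iso_ts)
    if dt.tzinfo is None:
        raise ValueError(f"{iso_ts!r} has no UTC offset; refusing to guess the zone")
    return dt.astimezone(timezone.utc)


def to_archiver_time(iso_ts):
    """Return the timestamp as 'YYYY-MMM-DD HH:MM:SS' in UTC."""
    utc = parse_utc(iso_ts)
    return f"{utc.year:04d}-{MONTHS[utc.month - 1]}-{utc.day:02d} {utc:%H:%M:%S}"


def extraction_window(start_iso, end_iso, device_type):
    """Return the start time, end time and criteria to enter in the form."""
    if not DEVICE_RE.fullmatch(device_type):
        raise ValueError(f"unexpected characters in device type {device_type!r}")
    if parse_utc(end_iso) <= parse_utc(start_iso):
        raise ValueError("end of the time range must be after its start")
    return {
        "start": to_archiver_time(start_iso),
        "end": to_archiver_time(end_iso),
        "criteria": f"device.type={device_type}",
    }


if __name__ == "__main__":
    # Constructed sample window, recorded in a UTC-04:00 local zone.
    window = extraction_window("2019-09-20T07:19:00-04:00",
                               "2019-09-20T08:19:00-04:00",
                               "winevent_nic")
    for field, value in window.items():
        print(f"{field}: {value}")
```

Timestamps without an offset are rejected rather than assumed to be UTC, so a local-time value cannot silently shift the extraction window.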