000029347 - How to download raw logs from the Archiver in RSA Security Analytics/NetWitness Platform

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Mar 26, 2020. Version 6.

Article Content

Article Number: 000029347
Applies To: RSA Product Set: Security Analytics / NetWitness Platform
RSA Product/Service Type: Archiver, REST API
RSA Version/Condition: 10.6.X, 11.X
Platform: CentOS
O/S Version: 6, 7
Issue: This article describes how to download raw logs from an RSA Security Analytics/NetWitness Platform Archiver appliance and provides a sample for doing so against a specific time range.
  1. Connect to the Archiver REST API using the following address:

http://{archiver hostname or ip}:50108/sdk/packets

  2. Enter an administrator's username and password when prompted.
  3. A screen similar to the one shown below appears. You can enter selection criteria, such as a time range and device type:

[Screenshot: the Archiver REST API /sdk/packets page with the selection criteria fields]

  4. To download raw logs for a specific device, insert device.type=<device name> as in the example above.
  5. Optionally, specify a time range. The time format is YYYY-MMM-DD HH:MM:SS in UTC, for example "2019-Sep-20 11:19:00".
  6. Select the extract format type.
  7. Click Submit when done.
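As an added worked example (not RSA's code and not part of this article), the following Python script performs the same steps in scriptable form: it renders the time range in the UTC YYYY-MMM-DD HH:MM:SS layout the steps require, composes the device.type selection, and streams the response from the /sdk/packets endpoint on port 50108 to a file using HTTP basic authentication. The query parameter names (where, format), the format value logs, and the time='A'-'B' range syntax joined with && are assumptions about the Archiver's query language and should be checked against your NetWitness REST documentation; the host name and device type used in the usage block are constructed placeholders.

```python
"""Build and run a raw-log export request against the Archiver REST API.

Added example, not RSA's code. Assumptions (verify against your NetWitness
REST documentation): the request takes 'where' and 'format' query parameters,
format 'logs' returns raw log lines, and the time range is written as
time='START'-'END' with clauses joined by '&&'.
"""
import base64
import re
import urllib.parse
import urllib.request
from datetime import datetime, timezone
from typing import Optional

ARCHIVER_PORT = 50108                 # REST port given in the article
TIME_FMT = "%Y-%b-%d %H:%M:%S"        # YYYY-MMM-DD HH:MM:SS, e.g. 2019-Sep-20 11:19:00
_DEVICE_TYPE = re.compile(r"^[A-Za-z0-9_.-]+$")


def nw_time(dt: datetime) -> str:
    """Format a timezone-aware datetime as the UTC timestamp the Archiver expects."""
    if dt.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime; the Archiver interprets times as UTC")
    return dt.astimezone(timezone.utc).strftime(TIME_FMT)


def build_where(device_type: Optional[str], start: datetime, end: datetime) -> str:
    """Compose the selection criteria: optional device.type filter plus a time range.

    device.type=<name> is the filter the article shows; the range syntax and
    '&&' conjunction are assumptions. The device type is validated so that a
    quote or operator pasted into it cannot alter the meaning of the clause.
    """
    if end <= start:
        raise ValueError("end of the time range must be after its start")
    clauses = []
    if device_type is not None:
        if not _DEVICE_TYPE.match(device_type):
            raise ValueError("device type may contain only letters, digits, '_', '.' and '-'")
        clauses.append(f"device.type='{device_type}'")
    clauses.append(f"time='{nw_time(start)}'-'{nw_time(end)}'")
    return " && ".join(clauses)


def build_url(host: str, where: str, fmt: str = "logs") -> str:
    """Build the /sdk/packets URL; 'where' and 'format' are assumed parameter names."""
    query = urllib.parse.urlencode({"where": where, "format": fmt})
    return f"http://{host}:{ARCHIVER_PORT}/sdk/packets?{query}"


def download_raw_logs(host: str, user: str, password: str, where: str,
                      out_path: str, fmt: str = "logs", chunk: int = 1 << 16) -> int:
    """Send the request with basic auth and stream the body to out_path.

    Returns the number of bytes written. Streaming in chunks keeps memory flat
    even when the time range covers a large volume of logs.
    """
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(build_url(host, where, fmt),
                                 headers={"Authorization": f"Basic {token}"})
    written = 0
    with urllib.request.urlopen(req, timeout=60) as resp, open(out_path, "wb") as fh:
        while True:
            block = resp.read(chunk)
            if not block:
                break
            fh.write(block)
            written += len(block)
    return written


if __name__ == "__main__":
    # Constructed placeholders: replace with your Archiver host and device type.
    start = datetime(2019, 9, 20, 11, 19, 0, tzinfo=timezone.utc)
    end = datetime(2019, 9, 20, 12, 19, 0, tzinfo=timezone.utc)
    where = build_where("sample_device", start, end)
    print(build_url("archiver.example.internal", where))
    # download_raw_logs("archiver.example.internal", "admin", "<password>", where, "raw.log")
```

The address on the page is plain http, so the administrator credentials travel base64-encoded rather than encrypted; run the script only from a trusted management network, or change the scheme in build_url to https if the appliance has TLS enabled on the REST port. Keeping the time range on timezone-aware datetimes avoids the common mistake of sending a local timestamp that the Archiver then reads as UTC.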