000029347 - How to download raw logs from the Archiver in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 4

Article Content

Article Number: 000029347
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Archiver
RSA Version/Condition: 10.4.x
Issue: This article describes how to download raw logs from a Security Analytics Archiver, and provides a sample for doing so against a specific time range.
Resolution: Connect to the Archiver REST API using the following address:
http://{archiver hostname or ip}:50108/sdk/packets
Enter an administrator username and password when prompted.
A form is then displayed where you can enter selection criteria, such as a time range and device type.
To download raw logs for a specific device, insert device.type=devicename in the selection criteria.
Optionally, you can specify a time range, where the time format is "2010-Apr-20 09:00:00" in UTC, then select the extract format type.
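
Added example, not part of the original RSA article: a Python helper that builds the same request as a URL, converting the time range to the UTC "2010-Apr-20 09:00:00" format independently of the system locale and rejecting device type values that could alter the query. The parameter names where, time1, time2 and render, the value logs, and the sample host and device type are assumptions; confirm them against the form fields on your Archiver.

```python
"""Build an Archiver /sdk/packets URL for a device type and UTC time range."""
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

# English abbreviations spelled out: strftime("%b") follows the process locale.
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
REST_PORT = 50108  # Archiver REST port given in the article


def archiver_time(dt: datetime) -> str:
    """Format a timezone-aware datetime as '2010-Apr-20 09:00:00' in UTC."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before converting")
    utc = dt.astimezone(timezone.utc)
    return f"{utc.year:04d}-{MONTHS[utc.month - 1]}-{utc.day:02d} {utc:%H:%M:%S}"


def build_packets_url(host, device_type, start, end, render="logs"):
    """Return the request URL; parameter names are assumptions (see lead-in)."""
    # Allow only a bare identifier so the value cannot add clauses or parameters.
    if not re.fullmatch(r"[A-Za-z0-9_]+", device_type):
        raise ValueError(f"unexpected device type: {device_type!r}")
    if not re.fullmatch(r"[A-Za-z0-9.-]+", host):
        raise ValueError(f"unexpected host: {host!r}")
    if end <= start:
        raise ValueError("time range is empty or reversed")
    query = urlencode({
        "where": f"device.type={device_type}",  # filter form used in the article
        "time1": archiver_time(start),          # assumed name: range start
        "time2": archiver_time(end),            # assumed name: range end
        "render": render,                       # assumed name: extract format
    }, quote_via=quote)
    return f"http://{host}:{REST_PORT}/sdk/packets?{query}"


if __name__ == "__main__":
    # Constructed sample: 11:00 at UTC+2 is 09:00 UTC.
    cest = timezone(timedelta(hours=2))
    begin = datetime(2010, 4, 20, 11, 0, 0, tzinfo=cest)
    print(build_packets_url("archiver.example.test", "ciscoasa",
                            begin, begin + timedelta(hours=1)))
```

Request the resulting URL with an HTTP client and the administrator credentials. The scheme is http as in the article, so those credentials cross the network unencrypted unless the REST port is served over TLS.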