000017459 - WinRM Log Events get Truncated in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017459
Applies ToRSA Security Analytics
RSA Security Analytics Log Collector
Microsoft WinRM
IssueWinRM Log Events get Truncated in RSA Security Analytics.

Event logs from Windows servers might get truncated to Security Analytics when using WinRM.

For instance:

 

 

 

Resolution

The root cause of this issue is currently being investigated.  However, the following workaround can be applied:

 

From the Security Analytics GUI go to Administration ? Devices ? Log Collector ? View ? Config ? Event Sources ?

?  Select ?Windows? from the drop down menu on the left ? select the ?Event Cetegory? ? select the ?Host? on the right and edit it.

 

?  Select the ?Advanced? down arrow and fill the ?Render Locale? field with ?en-US?  ? click OK

 

?  Restart Windows collection

Legacy Article IDa65982

Attachments

    Outcomes