|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics UI, Log Decoder
RSA Version/Condition: 10.4.0.x, 10.4.1.0
O/S Version: EL6
|Issue||Security Analytics supports uploading Syslog-formatted log files through the Log Decoder.|
The steps to do this are:
In the releases listed above, this functionality no longer works correctly.
|Cause||In earlier Security Analytics releases, the log file itself was being assigned a timestamp that recorded when the file was uploaded.|
In the current versions where this feature no longer works, the file is no longer being assigned a timestamp.
|Resolution||Engineering ticket SACE-2869 is open and the issue is currently being investigated.|
|Workaround||In the Security Analytics UI, when looking for the uploaded data, enter a custom time frame that starts with 1969-12-31 21:00:00 and ends with 1970-01-01 00:00:00. You should then see the file names listed and be able to drill down into the events in that file.|