Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000017442 - Device IP meta field does not show Windows Eventing host source IP address in RSA Security Analytics

Document created by RSA Customer Support

on Jun 16, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000017442
Applies To	RSA Security Analytics
Issue	Device IP meta field does not show Windows Eventing host source IP address in RSA Security Analytics. User sees log messages being collected, but they do not contain the source IP address, which normally are expected to be seen under the Device IP meta key.
Resolution	For Windows Eventing collection, the Security Analytics Log Collector does not extract the Device IP address from the collected messages. Rather, the Device IP value is determined by examining the Security Analytics Windows Eventing host configuration. If hosts are configured with an IP address, those value are populated under the Device IP meta key. However, the Device IP meta key will not show any IP addresses for hosts that are configured using a hostname instead of a IP address.
Legacy Article ID	a64843

Attachments

Outcomes

0 Comments

Recommended Content