|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform (Other): Windows SNARE Agent
|Issue||Windows Snare agent logs are not parsed properly, and the required meta cannot be viewed.|
|Cause||Log fields are not separated with the "," delimiter, as in this sample log:|
Aug 29 09:45:19 jumphost.rsabr.lab.emc.com MSWinEventLog 0 Security 7176 Mon Aug 29 09:45:18 2016 4689
|Resolution||To resolve the issue, follow the steps below:|
1. Move the attached registry file (SNAREdelimiter.reg) to the event source.
2. Merge the registry file on the event source.
3. Press Yes and then OK to confirm.
4. Restart the Snare services in services.msc.
5. Check the latest logs from the event source.
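For step 5, the following added example (not RSA's code or part of the original article) reports which delimiter follows the `MSWinEventLog` marker in each received line and how many fields result. The `BEFORE` line is the sample from the Cause section as it appears on this page; the `AFTER` line is constructed here and assumes the fix simply places "," between the same fields.

```python
MARKER = "MSWinEventLog"
DELIMS = {",": "comma", "\t": "tab", " ": "space"}

# Sample line as it appears on this page (fields not comma-separated).
BEFORE = ("Aug 29 09:45:19 jumphost.rsabr.lab.emc.com MSWinEventLog 0 "
          "Security 7176 Mon Aug 29 09:45:18 2016 4689")
# Constructed: the same event with "," between fields (assumed post-fix form).
AFTER = ("Aug 29 09:45:19 jumphost.rsabr.lab.emc.com MSWinEventLog,0,"
         "Security,7176,Mon Aug 29 09:45:18 2016,4689")


def split_fields(line):
    """Return (delimiter_name, fields) for a Snare line, or None if the
    MSWinEventLog marker is absent or nothing follows it."""
    _head, marker, body = line.partition(MARKER)
    if not marker or not body:
        return None
    # The character right after the marker is the field delimiter in use.
    name = DELIMS.get(body[0], "other")
    return name, body[1:].split(body[0])


def not_comma_delimited(lines):
    """Return the Snare lines whose fields are not separated by ','."""
    bad = []
    for line in lines:
        parsed = split_fields(line.rstrip("\r\n"))
        if parsed and parsed[0] != "comma":
            bad.append(line)
    return bad


if __name__ == "__main__":
    for label, line in (("before", BEFORE), ("after", AFTER)):
        name, fields = split_fields(line)
        # The embedded timestamp contains spaces, so a space delimiter
        # breaks one field into several and shifts every later position.
        print(f"{label}: delimiter={name} fields={len(fields)} {fields}")
```

Any line returned by `not_comma_delimited` after the service restart indicates an event source where the registry change has not taken effect.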