Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.5.x, 10.6.x
O/S Version: CentOS
Product Name: NetWitness for Logs and Packets

Issue:
How to get the latest event source parser using RSA Live.

Resolution:
Perform the steps below in the SA GUI.
1- Log in to the SA GUI.
2- Go to Live -> Search.
3- Type the parser name (or part of it) in the "Keywords" text box and click Search.
4- Select the required parser from the search results.
5- A new window opens for the parser with some important information about it. Click "deploy" to start deploying the parser on your decoders.
6- Follow the on-screen steps by choosing the decoders where the parser should be deployed.
7- On the decoder, check /var/log/messages for an entry similar to the following to confirm that the parser was loaded successfully:
ldecoder NwLogDecoder: [Parse] [audit] User admin (session 23129, 192.168.2.101:38974) has started uploading file 'rsadlp.envision'
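
The check in step 7 can be scripted on the decoder. The following is an added example, not RSA code: it assumes audit entries follow the format of the sample line above, `parser_uploads` and `check_parser` are hypothetical helper names, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example (not RSA code). Assumes upload audit entries look like the
# sample line in step 7; both function names are hypothetical.

# parser_uploads LOGFILE NAME
# Prints "user|source_ip|file" for each upload audit entry whose file name
# contains NAME.
parser_uploads() {
    sed -nE "s/.*NwLogDecoder: \[Parse\] \[audit\] User ([^ ]+) \(session [0-9]+, ([0-9.]+):[0-9]+\) has started uploading file '([^']+)'.*/\1|\2|\3/p" "$1" |
        awk -F'|' -v name="$2" 'index($3, name) > 0'
}

# check_parser LOGFILE NAME EXPECTED_IP
# EXPECTED_IP is the address you expect the deployment session to come from
# (an assumption of this example). Returns 0 when an upload of NAME was logged
# and every such upload came from EXPECTED_IP, 1 when no upload was logged,
# 2 when an upload came from a different address.
check_parser() {
    local hits
    hits=$(parser_uploads "$1" "$2")
    [ -n "$hits" ] || return 1
    if printf '%s\n' "$hits" |
        awk -F'|' -v ip="$3" '$2 != ip { bad = 1 } END { exit bad + 0 }'; then
        return 0
    fi
    return 2
}

# Constructed sample input modelled on the page's log line; the timestamps,
# the second address and the second parser name are made up for the demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Mar  3 10:15:02 ldecoder NwLogDecoder: [Parse] [audit] User admin (session 23129, 192.168.2.101:38974) has started uploading file 'rsadlp.envision'
Mar  3 10:15:09 ldecoder NwLogDecoder: [Engine] [info] unrelated constructed line
Mar  3 11:40:51 ldecoder NwLogDecoder: [Parse] [audit] User admin (session 23188, 192.168.2.150:40112) has started uploading file 'exampleparser.envision'
EOF

parser_uploads "$sample" rsadlp
check_parser "$sample" rsadlp 192.168.2.101 && echo "rsadlp upload logged from the expected address"
rm -f "$sample"
```

On a decoder, pass `/var/log/messages` as the log file and the parser name you deployed in step 5.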