How to list all event sources through SSH
Originally Published: 2015-04-01
Article Number
Applies To
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.3, 10.4
Platform: Linux
Issue
Resolution
1. Login to Log Decoder device through SSH
2. Run below command by replacing string "password" with actual password
NwConsole -c login localhost:50002 admin password -c decoder logStats | sed "s/ device=/,/g;s/ /,/g;s/forwarder/,/g;s/=ssafismaa01.fnfis.com/,/g;s/source=/,/g;s/count=/,/g;s/time=/,/g;s/,,,,/,/g;s/,,/,/g;s/\[,//g;s/,\]//g" | sed '1d;2d;3d;4d;5d;6d;7d' > /tmp/SA_Device_Status.csv
3. Navigate to tmp folder on same server to find the output file (SA_Device_Status.csv)
cd /tmp
4. Contents of file should appear in below format.
device_type,forwarder,event_source_IP,Date_of_creation
Example:
mcafeevirusscan,=SAVLC1,10.10.10.10,8,"2014-Sep-24,05:20:12"
Related Articles
How to generate a report to list all users with a fixed passcode in Authentication Manager 8.x Number of Views Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU Number of Views Clearing PuTTY's Cache Of Host Finger Prints On Windows OS Event Sources Number of Views Identity Sources for Cloud Access Service Number of Views NTP error in RSA SecurID: Crtical event notification NTP out of sync Number of Views
Trending Articles
RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Unable to find valid certification path error when logging on to Help Desk Admin Portal (HDAP) and Self-Service Portal (SS… RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
