I think this is my first post on this forum. I am learning many things here, and I hope someone can help me.
So, I have an ODBC configured in Envision as shown in Figure 1 in the attachment. I need to configure the settings "Data query" and "Max tracking query" in Security Analytics, but I don't know how to do it. Maybe it must be done in ODBC > Config as in Figures 2 and 3 in the attachment, but I have no idea how to do it.
Could someone help me?
Hi, thanks! I am looking for this. Say, for example, I have ePolicy logs and I want to query only for a specific category of logs instead of collecting all from the default query template.
I found this. See this also; it refers to the same thing.
I configured a custom ODBC Type and it seems to be working fine. In the log messages I see the message below:
"Feb 3 14:01:39 NWSECURITY nw: [OdbcCollection] [info] [odbc:WrkUnit:29179] [publishEvents:489] [Log_Corporativo.Log_Corporativo] [processing] [Log_Corporativo] [processing] Published 46 ODBC events: last tracking id: 4186121"
But the logs are not shown on the Investigation tab.
Can anyone help me?
I've been asking around to see if anyone can help and got this response: "I need to see his odbc.xml file spec. It might be something very simple, but that file will tell me what I need to know". Let us know if you can share that on the Community or if you prefer emailing directly.
This usually happens when you have no parsers to process the customized logs. Check whether you have device.type='unknown' with the device.ip of the custom ODBC server.
This means that your parser is not working.
Hope that helps.