This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2010-02-23 02:16 PM

Delete NIC System Logs

Hi there-

We currently have over 200 devices integrated to envision LS distributed site appliance with one local and remote collector. NIC systems are the major contributor of the logs which is very strange. Is this normal? Anyways, we have the NAS box linked to the envision server. Is there a way to selectively delete the NIC systems logs? Can this be done using the lsmaint CLI?

 

Thanks for your in advance,

Tera

0 Likes
Reply
4 Replies
GrzegorzFlak
Beginner
Beginner
‎2010-02-24 09:56 AM

Lsmaint -delete will do it for you. Try lsmaint -help to show all options. Rember to specify time span and devices options.

You should also take into consideration that all correlated alerts are generated by that device!

 

 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to GrzegorzFlak
‎2010-02-24 06:42 PM

Thanks but is this normal for NIC systems to generate so much logs?

 

When I run a lsdata command to check the statistics, NIC systems is in the top of the list.

0 Likes
Reply
GrzegorzFlak
Beginner
Beginner
In response to RSAAdmin
‎2010-02-25 06:55 AM

Hi, In is my lab box I have more the 100k evens per diem on NIC System. What is your number of events per day. Consider that every minute enVision generates diagnostics messages. If you still thinks it is to much, you must use EventViewer graphs to investigate what is the proble which causes so many events.

 

Regards

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to GrzegorzFlak
‎2010-03-02 08:04 PM

Thanks gstefan,

 

Please find the device stats for one month extracted using lsdata CLI. Notice NIC system has generated 5GB worth logs. Would you be concerned if you were me?

 

 EVENT STATISTICS TYPE                                                                      # Events              Bytes           kb/mb/gb             AvgEPS            Percent ================================================                  ================  =================  =================  =================  ================= NIC System                                                                25695013         5972361551           5.562 GB               9.01               0.67 Windows Events (NIC)                                                    3770236235      2049117804158        1908.390 GB            1322.50              98.74 Linux                                                                      3031517          724034253         690.493 MB               1.06               0.08 UNIX AIX                                                                   1640042          484910448         462.447 MB               0.58               0.04 F5 BigIP                                                                   1835984          399409812         380.907 MB               0.64               0.05 McAfee ePolicy Orchestrator                                                6971593         3492961700           3.253 GB               2.45               0.18 HP_UX / FreeBSD                                                            3606918          476647973         454.567 MB               1.27               0.09 IBM Mainframe (RACF)                                                       5176984         2443107944           2.275 GB               1.82               0.14 UNIX Solaris                                                                 63208           11665850          11.125 MB               0.02               0.00 Unknown                                                                          3                537           0.524 KB               0.00               0.00 Cisco Secure ACS                                                            209288           37402948          35.670 MB               0.07               0.01 Microsoft Operations Manager                                                    26               4303           4.202 KB               0.00               0.00 McAfee FoundScan                                                             17146            3190692           3.043 MB               0.01               0.00                                                                   ================  =================  =================  =================  ================= Total                                                                   3818483957      2063163502169        1921.471 GB            1339.42             100.00 Total Scanned                                                           3818483957      2064672650575        1922.876 GB            1339.42             100.00
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.