This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2012-04-17 10:05 AM

How to query a specific string in 'unknown devices' at Analysis / Query / Create new query ?

Hello, I would like to query all the unrecognized (Device type: unknown) messages text for a specific string (one word). May I ask some help about that at Analysis / Query / Create new query page what I should I choose as "Select table to access", and which row / field (deviceaddress, etc) am I need to fill with this string ? Thank you !
0 Likes
Reply
1 Reply
RSAAdmin
Beginner
Beginner
‎2012-04-26 08:38 AM

hi Sib

 

Try to use LSDATA command from database server . Below an example for uknown device. Set correct time. If you know an IP put it insted of * behind :  Result would be on d drives.

 

lsdata -events Syslog -me "put_specyfic_string_there" -time 20120101000000 20120223235959 -devices unknown:*  > D:\unknown.txt

 

0 Likes
Reply
© 2021 RSA Security LLC or its affiliates.
All rights reserved.