This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2011-05-11 11:39 AM

iSeries syslog with PowerTech Interact

We have an iSeries that is running PowerTech's Interact syslog utility to provide logs.  We've pointed the output at enVision, but it's not parsing at this point. The iSeries shows up as "unknown", so we know the data is arriving. We have just installed enVision, so are still getting our feet wet.

 

We have another iSeries that we set up with FileReader and that data is coming in just fine.

 

I can see that the PowerTech syslog output has a couple of extra fields (that appear to define the version of Interact in use), and is using some PIPE delimiters and spaces instead of commas, etc...  Has anyone created a customization for Interact?

0 Likes
Reply
4 Replies
RSAAdmin
Beginner
Beginner
‎2011-05-16 10:16 AM

I've not heard of that tool or seen a UDS for it, but it sounds useful.  It should be an easy matter to create a UDS integration for it using the Event Source Integrator (ESI) tool.  The company could also develop their own ESI package using the RSA Partner program. 

 

-Clarke

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2011-05-16 01:52 PM

Thanks for the reply Clarke, we are new to enVision and will have our professional services contact help us look at a UDS.  I've also submitted a request to add support for Interact. Their site shows support for many other SIEM platforms.

0 Likes
Reply
NathanFurze1
Beginner
Beginner
In response to RSAAdmin
‎2011-05-16 02:08 PM

I did speak with PowerTech following your device request and discussed our ESI Partner Program and there was some interest but the demand on their side hadn't reached critical mass.   I received another request last week from a customer that I had sent over to PowerTech to help drive momentum.  If you could also ping PowerTech we have partner resources available to engage.

 

Nathan

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to NathanFurze1
‎2011-05-25 12:02 PM

We pinged PowerTech and they are checking to see "who's court the ball is in".

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.