RSA enVision^® Discussions

RSAAdmin · ‎2012-09-19

In performing the Microsoft Windows Eventing configuration in enVision there is a reference to being able to bulk add servers, but does not give the format for the file that is supposed to be used.

Would it be possible for someone to post the items required to create the bulk add list?

Thanks in advance,

Steve

RSAAdmin · ‎2012-09-20

'Bulk Add' is a scan-based function, not one based off a static list of uploaded systems. Within the GUI, if you go to the System Configuration > Services > Device Services > Windows Service > Manage Windows Service and then click the ? at the top, you'll get the help information with full details regarding the Bulk Add function.

RSAAdmin · ‎2012-09-20

The 'Bulk Add' that you are referring to is in the GUI. The process I'm referring to is part of the Microsoft Windows Eventing process for adding Windows 2008 R2 servers. If you follow the process to use the Windows Eventing Collection you have to add devices using a command prompt. After you create the channel you have to add servers. The command window prompts refer to adding devices based on a csv file, but does not tell you what fields are required or the order of fields. The information I am looking for is not available in the device configuration documents or the help files.

AlejandroNegron · ‎2012-09-20

Hi stephentgibedes,

Even though I haven't try it personally this is what I have on my personal KB, don't ask where I found this

You must create the CSV file in the

E:\nic\enVision version\node name\collection-service\winevent directory with the extension .csv.

The following is an example of a CSV input file:

NETWORK ADDRESS, PORT NUMBER, TRANSPORT MODE or “NETWORK ADDRESS, PORT NUMBER, TRANSPORT MODE”

10.31.121.33, HTTP, 80

10.31.122.34, HTTP, 5985

To add multiple event sources:

1. Open a new command shell, and change directories to the

E:\nic\enVision version\node name\collection-service\winevent directory.

2. Type:

wineventconfig.exe -a

3. When prompted, select 1 to add event sources.

4. When prompted, select 2 to add multiple event sources.

5. When prompted, specify a unique name for the alias.

6. When prompted, specify the CSV filename.

7. If prompted to apply the global authentication configuration, do one of the

following:

• To apply the global authentication configuration values, press Y.

• To enter the authentication configuration values for the alias to which these event sources belong, press N.

8. If you were not prompted to apply the global authentication configuration or pressed N in step 6, do the following:

a. Specify the authentication method.

b. Specify the user name of the user account.

c. Specify the password of the user account.

9. When prompted to apply the global event channel subscriptions, do one of the following:

• To apply the global event channel subscription values, press Y.

• To enter event channel subscription values for the alias to which these event sources belong, press N, and, when prompted, enter the events channel names separated by commas.

10. When prompted to apply the global polling interval, do one of the following:

• To apply the global polling interval value, press Y.

• To enter a polling interval value for the alias to which these event sources belong, press N, and enter a value or a range.

11. If you are adding event sources for the first time, start the Windows Eventing Collector Service.

If the above doesn't work for you I suggest you to open a ticket with techsupport.

I hope this helps,

RSAAdmin · ‎2012-09-20

Thank you Alejng,

That is exactly what I was looking for!

Steve

RSA enVision® Discussions

Microsoft Windows Eventing Bulk Add

RSA enVision^® Discussions