This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2011-03-25 02:20 PM

Renaming an upgraded event source

This is probably an easy one.

One of my event sources has been upgraded,and renamed by the new vendor.  I've been told by the vendor that it logs exactly the same as before the upgrade, and only the name is different.  It's collected by File Reader service.

In my test ES, I've tried copying and renaming the previous etc/devices files, and giving it a different device ID in the .ini file.  But, when I inject the new raw logs into the ftp_files folder, they're always discovered as unknown.

I'm sure there's a wiki on what to do in this situation, but I can't find it. 

Thanks in advance,

--== John

0 Likes
Reply
3 Replies
RSAAdmin
Beginner
Beginner
‎2011-03-30 08:28 AM

I would start by using the event analyzer in the ESI tool to verify that the logs truly have not changed.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2011-05-20 10:53 AM

Have you tried just allowing the device to be collected the same way that it was...that is no changes to the name of the device file or anything?

 

 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2011-05-26 12:26 PM

If all you are really after is a name change, you could go into the devicenami.ini file in the appropriate \etc\devices folder and simply change the DisplayName= entry. You'll have to restart the Webserver and Locator services, but that will change the name as it appears in the enVision UI
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.