This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2012-04-24 05:11 PM

Top Device Talker

How do you determine your top 10 devices sending the most syslogs? Thanks, Marx Running 4.1
0 Likes
Reply
6 Replies
RSAAdmin
Beginner
Beginner
‎2012-05-01 10:50 AM

I am still running 4.0 and don't know if 4.1 is any different, but if you know your syslog device types you could run the lsdata command from the bin directory on the DSRV using totalsbydevice for the statistics switch. Then import the text file into Excel and sort. If anyone knows a better way, I would certainly like to know.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2012-05-09 04:42 PM

I asked a similar questions here: http://rsaenvision.lithium.com/t5/Tools-and-Scripts/LSDATA-Statistics-Info/m-p/10183 But no answer yet. I'd like to know the storage usage per device, but I don't think the system can do it.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2012-05-10 12:38 PM

Your lsdata command appears to be correct. 1.5TB of data in a year is certainly possible depending upon your network architecture, the device, and the device's logging parameters. Firewalls and routers may see a lot of traffic and log the activity. Then there's the amount of logs you'll see with Windows 2008 servers unless you scale back what is logged. I've got one W2K8 box that logged over 700GB last month alone. Also keep in mind that the data is highly compressed when it is written to the IPDB. I'm seeing around a 96% compression rate.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2012-05-10 12:41 PM

The compression is exactly the issue - I'm sure the data amounts are correct, however it would be nice to be able to know how much storage the devices are using, in addition to the volume they've sent.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2012-05-10 06:10 PM

Try this command: "dir /s C:\ | findstr /b /c:" " >foldertotals.txt". Replace C:\ with the path to your data. It provides the number of files and total bytes for each directory and subdirectory. It's not great but you can work with the text file with a good text editor and import it into a spreadsheet for sorting.
0 Likes
Reply
JuhaLeskinen
Beginner
Beginner
In response to RSAAdmin
‎2012-06-11 05:31 AM

Go to Reports - Ad Hoc Reports - Network - System - Count of messages per device
0 Likes
Reply
© 2021 RSA Security LLC or its affiliates.
All rights reserved.