This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
  • RSA.com
  • Products
    • Archer®
      • Archer®
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Archer® Exchange
      • Training
      • Upcoming Events
      • Videos
    • RSA® Fraud & Risk Intelligence Suite
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Web Threat Detection
      • Upcoming Events
      • Videos
    • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Cloud
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Patch Content
      • Videos
    • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication Mobile SDK
      • Advisories
      • Events
      • Ideas
      • Knowledge Base
      • Request Access
      • Training
    • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication for eCommerce
      • RSA® Adaptive Authentication for eCommerce
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® FraudAction Services
      • RSA® FraudAction Services
      • Advisories
      • Discussions
      • Documentation
      • Ideas
      • Videos
    • RSA® Web Threat Detection
      • RSA® Web Threat Detection
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Videos
    • RSA NetWitness® Platform
      • RSA NetWitness® Platform
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA NetWitness® Detect AI
      • RSA NetWitness® Detect AI
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Investigator
      • RSA NetWitness® Investigator
      • Documentation
      • Download the Client
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Orchestrator
      • RSA NetWitness® Orchestrator
      • Overview
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA SecurID® Suite
      • RSA SecurID® Suite
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Knowledge Base
      • Ideas
      • Integrations
      • Training
      • Videos
    • RSA® Identity Governance & Lifecycle
      • RSA® Identity Governance & Lifecycle
      • Advisories
      • Blog
      • Community Exchange
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA SecurID® Access
      • RSA SecurID® Access
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • Other RSA® Products
      • Other RSA® Products
      • RSA® Access Manager
      • RSA® Data Loss Prevention
      • RSA® Digital Certificate Solutions
      • RSA enVision®
      • RSA® Federated Identity Manager
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
  • Resources
    • Advisories
      • Product Advisories on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Hosted
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Product Advisories
    • Blogs
      • Blogs on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Blogs on RSA Link
    • Discussion Forums
      • Discussion Forums
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Discussion Forums on RSA Link
    • Documentation
      • Product Documentation
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Downloads
      • Product Downloads
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Downloads on RSA Link
    • Ideas
      • Idea Exchange
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Knowledge Base
      • Knowledge Base
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Knowledge Base Pages on RSA Link
    • Upcoming Events on RSA Link
      • Upcoming Events
    • Videos
      • Videos on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Videos on RSA Link
  • Support
    • RSA Link Support
      • RSA Link Support
      • News & Announcements
      • Getting Started
      • Support Forum
      • Support Knowledge Base
      • Ideas & Suggestions
    • RSA Product Support
      • RSA Product Support
      • General Security Advisories and Statements
      • Product Life Cycle
      • Support Information
      •  
      •  
      •  
      •  
      •  
  • RSA Ready
  • RSA University
    • Certification Program
      • Certification Program
    • Course Catalogs
      • Course Catalogs
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • On-Demand Subscriptions
      • On-Demand Subscriptions
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • Product Training
      • Product Training
      • Archer®
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Identity Governance & Lifecycle
      • RSA NeWitness® Platform
      • RSA SecurID® Access
    • Student Resources
      • Student Resources
      • Access On-Demand Learning
      • Access Virtual Labs
      • Contact RSA University
      • Enrollments & Transcripts
      • Frequently Asked Questions
      • Getting Started
      • Learning Modalities
      • Payments & Cancellations
      • Private Training
      • Training Center Locations
      • Training Credits
      • YouTube Channel
    • Upcoming Events
      • Upcoming Events
      • Full Calendar
      • Conferences
      • Live Classroom Training
      • Live Virtual Classroom Training
      • Webinars
Sign In Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

Visit the Known Issues dashboard if you are experiencing issues on RSA Link

View Dashboard

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
  • RSA Link
  • :
  • Products
  • :
  • Other RSA Products
  • :
  • RSA enVision
  • :
  • Discussions
  • :
  • Troubleshoot message as loaded into the table
  • Options
    • Subscribe to RSS Feed
    • Mark Topic as New
    • Mark Topic as Read
    • Float this Topic for Current User
    • Bookmark
    • Subscribe
    • Mute
    • Printer Friendly Page
RSAAdmin
RSAAdmin Beginner
Beginner
‎2008-09-02 01:03 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Troubleshoot message as loaded into the table

How do I troubleshoot were a message is not showing up in the desired table?

 

I am parsing the message and assigning it to a table.  The message tag in the xml is this:

 

<MESSAGE
    level="7"
    parse="1"
    parsedefvalue="1"
    tableid="24"
    id1="021"
    id2="021"
    eventcategory="1901000000"
    content="PCNX  E TPM_CF    (&lt;threshold&gt:smileywink: Connection &lt;action&gt; for user &lt;username&gt; reason : &lt;reason&gt;" />

 

 

  My uds -device axwaygateway -parm command returns this:

 

-device class information 267

   InternalName:             Name:           CategoryName:   LI: MsgInfo:
   DID: Image:      Hdrs:  T / L / S
01 Axway Gateway             axwaygateway    APPLICATION SERVERSU621axwaygateway
msg621  axwaygateway1       (0.2511 / 1 / 0)

-parm:

10: axwaygateway Lines 1
Variable List for data category access_security identifier 57
        Variable:       Ref:    Use:
         action         1
         reason         1
         threshold      1
         username       1
parseData 0:

 

 After running injector I can see the messages coming in, but queries to the Access Control Security table return no data.

 

Can anyone see an error on my part?  How can I troubleshoot the data after I see it in a realtime Events - Message View and why it is not loaded into the table?

  • Tags:
  • Community Thread
  • Discussion
  • enVision
  • Forum Thread
  • RSA enVision
0 Likes
Share
Reply
  • All forum topics
  • Previous Topic
  • Next Topic
14 Replies
RSAAdmin
RSAAdmin Beginner
Beginner
‎2008-09-02 01:13 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Kurta,

 

You need to post a header as well as a sample of the event - otherwise we're all just guessing where the mismatch may be.

 

Also, please post samples you'd like the Intelligence Community to look at as attached files rather than pasting directly into the body of the message - sometimes the formatting comes out weird and certain character combinations get replaced with emoticons.

 

Suggestion:  attach the xml for the device as well as a scrubbed version of your logs from an lsdata dump.

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
‎2008-09-02 01:15 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Also:  the -parm parameter does not tell you that an event has parsed correctly with your XML - it just indicates whether the fields you chose actually exist within an enVision reporting table.

 

To actually check whether a message is parsing, use the -parse -msg combination

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2008-09-02 02:22 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

I found the problem in the header.  These logs for the Axway Gateway are not simple one-liners.

 

If I add a field to a table and restart the service will future system updates and upgrades overwrite the sqltbl files?

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2008-09-02 02:35 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Yes - so save a copy of any table files you update!
0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2008-09-04 12:58 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Attached is some info of the problems I'm having.  From the ouptut of the uds -parse, it _seems_ to parse to the fields, but.....

 

What is missing?

 

Thanks,

Kurt

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2008-09-04 01:16 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

On the surface, what you have presented here looks OK, but I have no way to do any deeper testing as far as a direct data import to enVision without the logs.
0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2008-09-04 01:38 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

What logs should I be looking at?
0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2008-09-04 02:58 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

I also noticed that the saddr is NOT USED, even tho saddr is a valid field in access_accounting.  Could this indicate another problem?

 

E:\nic\3700\ENVLAB01-ES\bin>uds -device axwaygateway -parm

-device class information 267

   InternalName:             Name:           CategoryName:   LI: MsgInfo:          DID: Image:      Hdrs:  T / L / S
01 Axway Gateway             axwaygateway    APPLICATION SERVERSU621axwaygatewaymsg621  axwaygateway1       (0.2503 / 2/ 0)

-parm:

10: axwaygateway Lines 2
Variable List for data category access_accounting identifier 56
        Variable:       Ref:    Use:
         conn_id        1
         faddr          1
         fport          1
         sport          1
         saddr          1       NOT USED
Variable List for data category access_security identifier 57
        Variable:       Ref:    Use:
         accountid      1
         action         1
         reason         1
         username       1
parseData 0:

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2008-09-04 03:58 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

You are using the Generic Filereader, so you are ultimately putting a file containing your raw events into one of the FTP_files folders for enVision to process - that is the file I want to examine - the one with the events you are collecting.

 

Again, you may scrub any IP addresses/usernames/other sensitive data as long as the events retain their format.

 

 

0 Likes
Share
Reply
  • « Previous
    • 1
    • 2
  • Next »
  • « Previous
    • 1
    • 2
  • Next »
Powered by Khoros
  • Products
  • Resources
  • Solutions
  • RSA University
  • Support
  • RSA Labs
  • RSA Ready
  • About RSA Link
  • Terms & Conditions
  • Privacy Statement
  • Provide Feedback
© 2020 RSA Security LLC or its affiliates.
All rights reserved.