RSA enVision^® Discussions

RSAAdmin · ‎2014-10-17

Hi community!

i'm checking my enVision but i find a strange problem: for 1 ip address, the enVision detect 3 type of device (Aix + f5bigip + WebSphere).

I'm sure that with those ip address there is only 1 type (i've checked).

That's obvious that only 1 type of device is logging.

Can anyone know why the enVision detect more type?

Thanks in advance.

- AB

FernandoAllende · ‎2014-10-19

Hi AB:

That's strange. If you are sure that source IP is not a NAT IP and the device is not set up for "multi-device" then install the latest ESU ... then "delete" all monitored devices related with this source IP and test again.

If appear 3 different devices for the same IP again then contact RSA enVision support ... ...

Regards,

Fernando Allendes.

RSAAdmin · ‎2014-10-20

Hi Fernando,

i'm sure that there is no nat (that's an internal address of my lan).

it appear 3 different type...no idea

Thanks

AB

DelfinAbzueta · ‎2014-10-21

The reason for this is the following:

1) Your device is setup as "Multi-Device"

2) RSA enVision assign the device type according to "best match" approach comparing the incoming messages with XML files under /dev/ folders in a near real time process.

3) If you device is AIX and don't have f5bigip or WebSphere in your company, you can deactivate the monitoring this type of devices using the "manage device type" panel under Overview\System Configuration\Devices

RSA enVision® Discussions

Wrong device type detected

RSA enVision^® Discussions