This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
RajbirYadav
Beginner
Beginner
‎2013-12-16 10:25 AM

is there any issue in SA 10.3?

Jump to solution

i just integrated two HPUnix in my SA server then i got, logs are coming as two different device type,refer attached screen shot

is this issue of SA or event source?

unix type diff1.jpg

unix type diff2.jpg

0 Likes
Reply
1 Solution

Accepted Solutions
RSAAdmin
Beginner
Beginner
‎2013-12-18 12:36 PM

Jump to solution

Hi there.

 

So, we had an issue with a load balancer showing up as a Junos Router because it was running Junos OS. If your device is running a Junos/Juniper OS, it's being parsed as a Junos device. It's a parsing issue, and you need to tweak your parser to acknowledge the issue, or escalate to RSA's dev team. Hope this helps

View solution in original post

0 Likes
Reply
8 Replies
huanzhou1
Beginner
Beginner
‎2013-12-17 01:38 AM

Jump to solution

i think its source, check the session details

0 Likes
Reply
RajbirYadav
Beginner
Beginner
In response to huanzhou1
‎2013-12-17 04:09 AM

Jump to solution

authentication success log come under HPUnx or authentication failure log coming under junosrouter from same device ip

0 Likes
Reply
huanzhou1
Beginner
Beginner
In response to RajbirYadav
‎2013-12-18 08:11 AM

Jump to solution

can you post the sample event? looks like both parser hpux and junosrouter enabled.

0 Likes
Reply
RajbirYadav
Beginner
Beginner
In response to huanzhou1
‎2013-12-18 08:45 AM

Jump to solution

please, Have a look on this document

Preview file
1123 KB
0 Likes
Reply
huanzhou1
Beginner
Beginner
In response to RajbirYadav
‎2013-12-18 10:06 AM

Jump to solution

Just wondering whether your network has junosrouter or not, which sent the events to SA?

0 Likes
Reply
RajbirYadav
Beginner
Beginner
In response to huanzhou1
‎2013-12-18 10:46 AM

Jump to solution

no junos router, just check devcie ip, hp unix and junosrouter is same

0 Likes
Reply
huanzhou1
Beginner
Beginner
In response to RajbirYadav
‎2013-12-18 10:52 AM

Jump to solution

can you export all the logs?

0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2013-12-18 12:36 PM

Jump to solution

Hi there.

 

So, we had an issue with a load balancer showing up as a Junos Router because it was running Junos OS. If your device is running a Junos/Juniper OS, it's being parsed as a Junos device. It's a parsing issue, and you need to tweak your parser to acknowledge the issue, or escalate to RSA's dev team. Hope this helps

View solution in original post

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.