RSA Admin

Renaming an upgraded event source

Discussion created by RSA Admin Employee on Mar 25, 2011
Latest reply on May 26, 2011 by RSA Admin

This is probably an easy one.


One of my event sources has been upgraded,and renamed by the new vendor.  I've been told by the vendor that it logs exactly the same as before the upgrade, and only the name is different.  It's collected by File Reader service.


In my test ES, I've tried copying and renaming the previous etc/devices files, and giving it a different device ID in the .ini file.  But, when I inject the new raw logs into the ftp_files folder, they're always discovered as unknown.


I'm sure there's a wiki on what to do in this situation, but I can't find it. 


Thanks in advance,

--== John