
Exporting Logs from the IPDB in Syslog Format

Discussion created by RSA Admin Employee on Jun 19, 2008

I get this question a lot - how to export logs from the IPDB to generate a syslog file.

Well, it's in the UDS class slides, and you can see most of the command line options by typing udsxxxx -?


But that said, here are a few examples to get you started:


Dumping ALL logs from unknown event source:

lsdata -events syslog -time start now -devices unknown >> logfile.unx


Dumping ALL undefined logs from known event source type (unix AIX in this example):

lsdata -events syslog -time start now -devices "aix(undefined)" >> logfile.unx


Dumping ALL logs from a single event source:

lsdata -events syslog -time start now -devices X.X.X.X >> logfile.unx

where X.X.X.X is the IP address of the event source as seen in enVision


Dumping all undefined logs since the start of the last hour from a single event source:

lsdata -events syslog -time hour now -devices "X.X.X.X(undefined)" >> logfile.unx

where X.X.X.X is the IP address of the event source as seen in enVision


There are MANY more ways you can slice and dice the data for output - again, you can check out all the options by typing udsxxxx -?
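The per-source lsdata invocations above, wrapped as an added example (not part of the original post) that exports undefined logs for a list of event sources into one file per source, so appending with >> never mixes devices. It assumes lsdata is on PATH and uses a hypothetical DRY_RUN knob that prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: batch export of undefined logs from the enVision IPDB with lsdata.
# Assumes lsdata is on PATH; with DRY_RUN=1 (a knob of this script, not of lsdata)
# the command lines are printed instead of executed.

# Build one lsdata command line for an event source.
# $1 = event source IP as shown in enVision, $2 = time window ("start" = all,
# "hour" = since the start of the last hour), $3 = output file.
# Prints the command on success; returns 1 for a malformed IP or window.
build_lsdata_cmd() {
    ip=$1; window=$2; out=$3
    # Accept only a dotted quad so a typo cannot silently match no device.
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    case $window in start|hour) ;; *) return 1 ;; esac
    printf 'lsdata -events syslog -time %s now -devices "%s(undefined)" >> %s\n' \
        "$window" "$ip" "$out"
}

# Export undefined logs for every event source given after the time window.
# Usage: export_undefined hour 10.0.0.5 10.0.0.6
export_undefined() {
    window=$1; shift
    for ip in "$@"; do
        out="undefined_${ip}.unx"
        cmd=$(build_lsdata_cmd "$ip" "$window" "$out") || {
            echo "skipping malformed address: $ip" >&2
            continue
        }
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            eval "$cmd"
        fi
    done
}
```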
