Windows Event Logs - Import existing logs

Discussion created by RSA Admin Employee on Dec 28, 2009
Latest reply on Dec 29, 2009 by RSA Admin
We are thinking about adding a specific group of Windows workstations to be monitored in enVision. Is it possible to have all existing logs on the workstations added to enVision as well? I am familiar with using lsmaint -rebuild to add events already in enVision to a device that, for instance, was removed as a monitored device and then added again. However, I am not familiar enough with the entire process that enVision follows to take the data from log format to the point it is added to the database. Is there a way to either make enVision grab the existing logs from the source, or perhaps convert the current event logs on the Windows workstations to some other format and import them in a different manner?
