Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

Log Collection for windows servers

Discussion created by Issac 08 on Jan 4, 2018
Latest reply on Jan 4, 2018 by Eric Partington

Like • Show 0 Likes0
Comment • 3

Hi all,

Apart from winrm what are the other log collection methods ,there is any native agent that collects logs from windows box?

Outcomes

3 Replies

Eric Partington Jan 4, 2018 11:31 AM
snare agent
event reporter agent
winRM either to RSA netwitness or
WinRM to windows event collection server then 1 winRM connection to RSA log Collector
https://community.rsa.com/community/products/netwitness/blog/2017/01/30/logs-collecting-windows-events-with-wec?commentI…
Like • Show 0 Likes0
Actions
- Issac 08 @ Eric Partington on Jan 4, 2018 11:46 AM
  Thanks ,Which is best solution to go agent or winrm ?
  And also share me where we can download these agents .
  Like • Show 0 Likes0
  Actions
  - Eric Partington @ Issac 08 on Jan 4, 2018 1:38 PM
    depends on how your environment is configured and if you have control over the master build or logon scripts to push agents out or configure WinRM via GPO.
    
    The agents are 3rd party and not RSA provided. There is potentially another license to purchase those (snare used to be free in 4.x but now i think in 5.x you need to pay a fee per agent).
    
    Configuration guides are here:
    RSA NetWitness Supported Event Sources
    
    look for 'microsoft windows'
    Like • Show 0 Likes0
    Actions

Recommended Content