AnsweredAssumed Answered

Is possible to remove device.ip?

Question asked by Maximiliano Cittadini on Mar 12, 2018
Latest reply on Mar 27, 2018 by Maximiliano Cittadini

I have a customer that wanted to add a custom device. We done that by creating a a conector that connects to every server of the customer, retrieve the data and then sends that events via syslog to Netwitness. We put into every syslog event the ip of the device and in the parser we also parse that IP as device.ip. When we see the parsed events we got two device.ip.... one for the server and in the other we got the IP where the software runs (because is the source of the syslog message)... Is there any way to avoid netwitness to add the device.ip from certain IP sources?