I am trying to user curl to pull data from our concentrator. it doesn't seem to want to work with curl. I am also not sure if i have the proper syntax. It works fine by manually going to the site at http://x.x.x.x:50105/sdk/packets the query i am trying to run is event.desc = 'ids_alerted' && time="2018-May-24 0:00"-"2018-May-24 23:20" and again it works fine using the manual page.
curl --user 'username:password'
You need to add --tlsv1.2 to your command for it to work.
Tried that but still nothing
Hi,
Try using the curl command below. It is modified to pull events for the entire day of May 24.
Please substitute your username/password and concentrator ipaddr.
# curl -u username:password "http://xxx.xxx.xxx.xxx:50105/sdk/packets?&render=logs&event.desc='ids_alerted'&time1=2018-May-07%2000:00:00&time2=2018-May-24%2023:59:59"
this works but it ignores what I am looking for as far as the event desc. It only concentrates on the time structure and gives me all logs between that time frame.
John,
If you are looking to pull meta, maybe this might work for you. https://community.rsa.com/message/897773
#meta #csv
Guy#
John Babio,
I've moved your question to the RSA NetWitness Platform space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA NetWitness Platform and click Ask A Question. That way your question will appear in the correct space.
Regards,
Erica