RSA Admin

Change a device type without affecting historical logs?

Discussion created by RSA Admin Employee on Apr 6, 2011
Latest reply on Apr 8, 2011 by RSA Admin

I have an IP address that's configured as multi-device (UNIX AIX and Oracle) in order to collect both AIX and Oracle logs from that device.

 

However for some unknown reason the enVision one day automatically created a third device type for this same IP called "Juniper JUNOS" and so now about half of the AIX logs for this IP are received/stored in the enVision as UNIX AIX logs, and the other half are received/stored as Juniper JUNOS logs.

 

It is as if there was a log event on that AIX server that occured one day that the enVision recognized as a Juniper JUNOS type of event, and so the enVision automatically created the new device type for this IP.

 

I don't think it's possible, but I wanted to confirm if there is a way to move back the logs for this IP recorded as Juniper JUNOS logs into the UNIX AIX logs, and to delete the Juniper JUNOS device. 

Outcomes