RSA Admin

Windows Event Logs parsing Source Network Address

Discussion created by RSA Admin Employee on Feb 25, 2010
Latest reply on Mar 5, 2010 by RSA Admin
I'm trying to run a few queries to basically figure out when people logged in from a specific location. The location I was able to do this via searching on our local subnet. I noticed that "source network address" wasn't parsing in any field that I noticed in event explorer. I know the raw IP address was in the actual message, but didn't see it in any column field. Anyone else have issues with this? It would seem very odd it wasn't parsed. Also, event explorer doesn't show the entire raw message either, not sure why.

Outcomes