The document i got from RSA knowledgebase does not have any instruction for the integration of window server 2008 after installing window legacy collector. huan zhou
The document i got from RSA knowledgebase does not have any instruction for the integration of window server 2008 after installing window legacy collector. huan zhou
Read your question again - can't you use WinRM for W2k8 servers?
We have already tried to use winRm for win2008 but using this sa is collecting only 2008 server logs, we are not getting any log from window 2003 that have to collect using window legacy collector.
Sent from Samsung Mobilepatrickbayle <emc-community-network@emc.com> wrote:ECN
Does anyone have proper document for integration 0f 2003 or early event source using window legacy collector
reply from patrickbayle in RSA Security Analytics - View the full discussion
Read your question again - can't you use WinRM for W2k8 servers?
Reply to this message by replying to this email, or go to the message on ECN
Start a new discussion in RSA Security Analytics by email or at ECN
Following Does anyone have proper document for integration 0f 2003 or early event source using window legacy collector in these streams: Inbox
Taken from "RSASecurityAnalytics_v10.3_Legacy_Windows_Collection_Installation_Instructions.pdf" document in RSA Security Analytics Event Source Configurations section of SCOL:
"
The Security Analytics (SA) 10.3 Log Collector introduces Windows Legacy collection. With this feature, you can
collect event data from:
• Windows 2003 and earlier event sources
"
Good luck,
Fernando Allendes.
can share you configuration of the windows legacy collector?
Hi patriot,
Thanks for you response. Now,problem is solved.
Can you please inbox me your mail-id?
Sent from Samsung Mobile
good, already sent you. sorry was busy recently, didn't check the community very often.
This might help a few...see attached.
Hi All,
Thanks for your response, i have followed all these documents but none have any instruction after the installation of window legacy collector. means how we have to add that window 2008 server in SA on which window legacy collector is installed.
well now i have integrated window 2003 but i am able to add only one channel logs at a time, i try to select all the channels but its not possible in one source addition(please refer attached screen shot) should i add same source two or three times for the logs of all channels? is this correct way to add all channel logs or have to do any other configuration?
Hi Rajveer,
You are correct - this is how the legacy sources must be added in - one for each event source type.
Hopefully this will be improved in future releases by RSA.
Hi rajveer,
Could you collect the logs?
I cannot see the logs in Investigation tab.
I created an Appliance using the IP Address of the Windows 2008 which is installed the Windows Legacy
I created a Log Collector Service for Windows Legacy.
I created a Event Source for Windows 2003 server.
Follow in attachment some screenshots.
The Legacy Appliance has an error in Updates Column.
Is there any debug that I can run to check if there is some error?
I will be grateful if you can help me.
Regards.
Hi all,
I could configure with success. Is it necessary to configure a Destination Group in Windows Legacy service.
Regards.
Hi Rajveer,
You could also try configuration using Windows Snare agent which we are currently using in our environment and seems to be quite easy to deploy.
Have you tried sadocs?
link
The configuration for the Windows event sources are the same as enVision - you can find the guide for this on SCOL.
Hope this helps.