Can any one have any idea, that how to change the time in investigation module?
When I go to investigation, I am able to view a very old date and time.
Please refer to the below mentioned screenshot, kindly suggest if someone have any idea?
Can any one have any idea, that how to change the time in investigation module?
When I go to investigation, I am able to view a very old date and time.
Please refer to the below mentioned screenshot, kindly suggest if someone have any idea?
Yes I have the access to the SSH, but I always fail to update or change the time.
Below is the output of the command. But I am not able to change the same.
Will you please suggest something on it. Thankszz.
Interesting, I was expecting different results for the date command, normally the times match. Is this for logs or packets? Also, is data actually coming into the device correctly? If you go to Administration -> Health & Wellness do you see any red? Do you see the capture rate ticking?
Hi Sean,
Well this a virtual based environment, and this is for both logs and packet, but this is a new setup. So nothing is configured with the new version as of now. So I am not getting any data onto this now.
And also one more interesting thing, if go to Health & Wellness, I must see all the devices health and status, but I am not able to see the health status of any of the appliance, like decoder, log collector, esa and concentrator.
It’s very strange to see, but ealier it was working fine.
Please refer to the attached screenshot.
Could you try pushing some data to the device? I have seen my devices act funny if it has no data at all to reference.
Hello Sean,
Thanks, hope this will work.
I will update soon, as I completed the same.
Regards,
Deepanshu Sood
Technical Consultant
Information Security Unit
Hi Deepanshu,
This normally happens when there is no Meta available in the Concentrator. Are you sure your Concentrator is aggregating Meta from its associated Decoder?
Hello Lee,
Yes everything is setup at good.
As it's a lab environment so as of now I haven't configure any event source to my log decoder.
First i will integrate any event source with LD and then check the same.
Thanks..
Regards,
Deepanshu Sood
Technical Consultant - Information Security
I am just now seeing this post and I assume that you have already resolved your issue. This has to do with your profile setting. If you go to your profile under the drop down on the top left hand corner, you can change your time zone on the server for the investigation module. You will also need to change your time zone on all your appliances. Attached is the doc on how to do all that. And as long as you are pushing data to the device, your time in the investigator module should reflect the correct time.
Do you have SSH to the box? if so can you do a 'date' command?