AnsweredAssumed Answered

One Event Source Error - Windows Legacy

Question asked by Deepanshu Sood on Nov 10, 2015
Latest reply on Nov 18, 2015 by Deepanshu Sood

Dear All,


Below is the error message which I am getting after integrating of the machine on Windows Legacy in RSA SA.

So after every attempt of integrating this new event source, I could see only one log in investigation and then it get stoppped after a while and the same below error message start coming if I check under Windows Legacy logs.

 

"[windows.EAIL.WVM****************] [starting] Collection state not found, normal for first collection attempt from an event source: c:\NetWitness\ng\logcollector\runtime\/windowslegacy/eventsources/windows.EAIL.WVM*************.xml: cannot open file"


Does anyone have any idea regarding this to get this resolved at the earliest. Thanks in advance.

 

Regards,

Deepanshu Sood.

Outcomes