What to do if log messages are classified as an unknown device type in RSA Security Analytics
Issue
What to do if log messages are classified as an unknown device type in RSA Security Analytics.
Resolution
Log messages are classified as unknown in the device.type meta key when RSA Security Analytics cannot parse them. The reasons for this could be:
- The log messages are not recognised by the device parser. Ensure that you are subscribed to the latest parser for your device and that it is deployed and enabled on the Log Decoder that parses these logs.
- The event source is not configured correctly. See the device-specific configuration document for your device on the RSA SecurCare Online portal.
- The device is not yet supported. Check the device-specific configuration document for the versions currently supported. If the device or version is not currently supported, complete the New Device Request form.
- The messages are being classified as the wrong device type rather than as unknown. Refer to the knowledgebase article How to direct the RSA Security Analytics Log Decoder to use a specific device parser when collecting logs from a given event source (10.3.4 and higher) for further instructions.
If the device is supported but messages are still being classified as unknown, open a support case with the following information:
- The name and manufacturer of the device.
- The version of the device.
- Examples of log messages that are classified as unknown when imported. You can export these from Security Analytics: open the Investigation view, drill into the unknown logs (for example with the query device.type = 'unknown'), select the logs, and then use Action -> Export Logs in text format.
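The following script is an added example and is not RSA code or part of this article. It mimics, in a simplified way, how a Log Decoder ends up with device.type = 'unknown' (no device parser claims the message) and then does the collection step above: it groups the unknown messages by sending host so you can see which event source is affected and attach the samples to the support case. The parser header patterns, device type names and the syslog lines are all constructed for illustration and are not RSA's parser definitions.

```python
import re
from collections import Counter

# Constructed stand-ins for device parser header patterns. These are NOT RSA's
# parser definitions; they only model the rule that a parser claims a message
# when its header pattern matches, and that unclaimed messages get
# device.type = 'unknown'.
PARSER_HEADERS = {
    "ciscoasa": re.compile(r"%ASA-\d-\d{6}:"),
    "rhlinux": re.compile(r"\bsshd\[\d+\]:"),
}

# Minimal RFC 3164-style syslog header: <PRI>Mon DD HH:MM:SS host message
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)


def classify(raw: str) -> dict:
    """Return the meta a simplified decoder would produce for one raw log line."""
    m = SYSLOG_HEADER.match(raw)
    if not m:
        # No usable syslog header: nothing to hand to a parser at all.
        return {"device.type": "unknown", "device.host": None, "reason": "no syslog header"}
    meta = {"device.host": m.group("host"), "device.type": "unknown", "reason": "no parser matched"}
    for dtype, pattern in PARSER_HEADERS.items():
        if pattern.search(m.group("msg")):
            meta["device.type"] = dtype
            meta["reason"] = "parser header matched"
            break
    return meta


def triage(lines):
    """Classify every line; return (counts per device.type, unknown samples per host)."""
    counts = Counter()
    unknown_by_host = {}
    for raw in lines:
        meta = classify(raw)
        counts[meta["device.type"]] += 1
        if meta["device.type"] == "unknown":
            host = meta["device.host"] or "<no host>"
            unknown_by_host.setdefault(host, []).append(raw)
    return counts, unknown_by_host


def support_case_summary(unknown_by_host) -> str:
    """Format the unknown samples per host as text to attach to a support case."""
    out = []
    for host, samples in sorted(unknown_by_host.items()):
        out.append(f"Host {host}: {len(samples)} message(s) classified as unknown")
        out.extend("  " + s for s in samples)
    return "\n".join(out)


# Constructed sample lines, as if exported from Investigation in text format.
SAMPLE_LOGS = [
    "<166>Sep 30 15:07:28 fw01 %ASA-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.5/443",
    "<38>Sep 30 15:07:29 bastion sshd[2101]: Accepted publickey for ops from 198.51.100.7 port 50214 ssh2",
    "<13>Sep 30 15:07:30 nas01 vendorNAS: volume vol1 snapshot completed",
    "<13>Sep 30 15:07:31 nas01 vendorNAS: volume vol2 snapshot completed",
    "plain text with no syslog header at all",
]

if __name__ == "__main__":
    counts, unknown = triage(SAMPLE_LOGS)
    print("device.type counts:", dict(counts))
    print(support_case_summary(unknown))
```

The nas01 lines carry a well-formed header but no parser pattern matches them, which is the "device not supported or parser not deployed" case; the last line has no header at all, which points at an event source configuration problem rather than a parser gap. Keeping the two apart in the summary tells you which of the checks above to run first.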
Internal Comments
UserName:shurtj9/30/2014 3:07:28 PM - Technically Reviewed
Technically reviewed the article and changed its status to Copy Edited. Modified statements to adhere to Primus best practices. Added formatting to Fix statement and changed URLs to be descriptive links.
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: Log Decoder, Log Collector