How to download raw logs from the Archiver in RSA Security Analytics/NetWitness Platform
Issue
This article describes how to download raw logs from an RSA Security Analytics/NetWitness Platform Archiver appliance, and provides a sample for doing so against a specific time range.
Resolution
- Connect to the Archiver REST API using the following address:
http://{archiver hostname or ip}:50108/sdk/packets
- Enter an administrator's username and password when prompted.
- A query form is displayed (the screenshot is not reproduced here) in which you can enter selection criteria, such as a time range and a device type.
- To download raw logs for a specific device type, insert device.type= with the required device type, as in the example above.
- Optionally, specify a time range. The time format is YYYY-MMM-DD HH:MM:SS in UTC, for example "2019-Sep-20 11:19:00".
- Select the extract format type.
- Click Submit when done.
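The same extract can be scripted instead of being submitted through the browser form. The script below is an added example and is not part of the RSA article or the NetWitness product; it wraps the procedure above in curl. The query-string parameter names "where", "time1", "time2" and "render" are assumptions about how the form fields are submitted, "logs" is a placeholder for the extract format, and the host name, user name and device type are constructed sample values. The article uses plain http on port 50108; if the Archiver's REST port is configured for TLS, pass https as the scheme so the administrator credentials are not sent in the clear.

```shell
#!/bin/sh
# Added example (not from the RSA article): script the Archiver raw-log
# download described above with curl instead of the browser form.
#
# Assumptions, not stated on the page:
#   - the /sdk/packets form fields are submitted as query parameters named
#     "where", "time1", "time2" and "render" (names assumed here)
#   - "logs" is a placeholder for whatever extract format the form offers
#   - the device type is quoted in the where clause as device.type='x'

ARCHIVER_PORT=50108

# Base URL of the packets endpoint for a given Archiver host.
# Plain http is what the article uses; pass "https" as the second argument
# if the Archiver's REST port is configured for TLS.
archiver_base_url() {
    scheme=${2:-http}
    printf '%s://%s:%s/sdk/packets\n' "$scheme" "$1" "$ARCHIVER_PORT"
}

# Where clause restricting the extract to one device type.
archiver_where_clause() {
    printf "device.type='%s'\n" "$1"
}

# Check that a timestamp matches the article's YYYY-MMM-DD HH:MM:SS (UTC)
# form, e.g. 2019-Sep-20 11:19:00. Returns 0 if it does, 1 otherwise.
is_archiver_time() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[A-Z][a-z][a-z]-[0-9][0-9]" "[0-9][0-9]:[0-9][0-9]:[0-9][0-9])
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Download raw logs for one device type over a time range.
#   archiver_download <host> <admin user> <device type> <time1> <time2> <outfile> [scheme]
# curl prompts for the password when only the user name is given, so the
# secret never appears in the process list or in shell history.
archiver_download() {
    host=$1; user=$2; devtype=$3; t1=$4; t2=$5; out=$6; scheme=${7:-http}
    is_archiver_time "$t1" || { echo "bad time1 (want YYYY-MMM-DD HH:MM:SS): $t1" >&2; return 2; }
    is_archiver_time "$t2" || { echo "bad time2 (want YYYY-MMM-DD HH:MM:SS): $t2" >&2; return 2; }
    # --get turns the --data-urlencode pairs into a properly encoded query string.
    curl --fail --silent --show-error --get \
        -u "$user" \
        --data-urlencode "where=$(archiver_where_clause "$devtype")" \
        --data-urlencode "time1=$t1" \
        --data-urlencode "time2=$t2" \
        --data-urlencode "render=logs" \
        -o "$out" \
        "$(archiver_base_url "$host" "$scheme")"
}

# Usage (constructed sample values; only runs when invoked with arguments):
#   ./archiver_pull.sh archiver.example.local admin winevent_nic \
#       "2019-Sep-20 11:00:00" "2019-Sep-20 11:19:00" winevent.log
if [ $# -eq 6 ] || [ $# -eq 7 ]; then
    archiver_download "$@"
fi
```

The time check rejects a request before any credentials are sent, and the where clause is built by a single function so the device type is quoted consistently; both can be adjusted if the form on your Archiver uses different field names.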
Product Details
RSA Product Set: Security Analytics / NetWitness Platform
RSA Product/Service Type: Archiver, REST API
RSA Version/Condition: 10.6.X, 11.X
Platform: CentOS
O/S Version: 6, 7
Summary
This article describes how to download raw logs from an RSA Security Analytics/NetWitness Platform Archiver.