• MSSQL Monitoring Experiences

    Hello all   Who is using RSA enVision to monitor SQL databases,  We have started down this path and solved a couple of problems but would like to share experiences with others so that we can avoid some obv...
    RSA Admin
    last modified by RSA Admin
  • High number of failed logon from a user-id by windows servers.

    Hello,   While analysing reports relevant to faild logon from user-id in the window plateform, we get a high number of failed logon attempts from user-id finished by $ sign (5980 attempts in hour basis), these ...
    RSA Admin
    last modified by RSA Admin
  • Is nic.db a Sybase database?

    Hi,   The RSA Sales executive had told me during the product demo that RSA uses two typeas of databases:   (1)IPDB ----- ( I have clarity on this.) (2)Sybase Database ----- (I have some doubts abou...
    RSA Admin
    last modified by RSA Admin
  • Survey: Graphical Universal Event Source Device Support UESS tool

    We are working on the next generation Graphical Universal Event Source Support (UESS) tool. Eventually this tool will replace the the functionality of the existing console-based UDS tool (which is ...
    RSA Admin
    last modified by RSA Admin
  • Dashboard Reports

    Is there any location on this forum or elsewhere where one could get step-by-step instructions on creating useful dashboard reports, or where people post the configuration details of the dashboard reports that they ha...
    RSA Admin
    last modified by RSA Admin
  • UDS - SNMP

    Any setup help / instructions on setting SNMP traps from a Cisco Wireless device. We want to get SNMP traps of a rouge access point message. We've done UDS for syslog, but need a bit of guidance for UDS for that SNMP ...
    RSA Admin
    last modified by RSA Admin
  • A table issue?

    It is my understanding that the files in E:\nic\3700\ENVLAB01-ES\etc\sqltbl are the definition files for the database tables.  When comparing the fields in a file in the sqltbl dir and running uds -device mydevic...
    RSA Admin
    last modified by RSA Admin
  • NIC011 - Login Failure followed by Successful login on Firewall Devices ???

    Hi everyone.  I need help with the NIC011 alert.  I attempted to use the NIC011 template to create the same alert with only Checkpoint FW.  But the value masks in NIC011 appear to be wrong for Checkpoin...
    RSA Admin
    last modified by RSA Admin
  • device searching

    My small recommendations/requests:   1.  In the event viewer, give the user the ability to search for the IP, or by typing in the name/IP the drop down goes to that IP.  If you have over 500 routers i...
    RSA Admin
    last modified by RSA Admin
  • New Event Sources

    Hi, Is enVision planning to support any of the below mentioned devices in future:   SAP ERP Brocade Switches Symantec Endpoint Protection Linksys (Wirekless Access Points) SUN Identity and Access Manage...
    RSA Admin
    last modified by RSA Admin
  • Automatic report directory structure

    Is there a way to stop the reporting system from creating the date based directory structure for scheduled reports?   What I want is a daily report to go to the same directory and NOT, for example, the <repo...
    RSA Admin
    last modified by RSA Admin
  • 125 gig tmp file?!

    Hey guys, Just noticed today that our Analysis Disk Storage had somehow jumped up to 75% full.  Since it's a fairly new box, we knew it couldn't be just from regular reporting.  After some inspection, we f...
    RSA Admin
    last modified by RSA Admin
  • Auditlogs of use of lsmaint and lsdata?

    Our Audit guys are somewhat troubled that there is no auditing of the use of lsmaint and lsdata (as far as I know at least). Of course it could be debated how useful that would be, but if use of these tools would be l...
    RSA Admin
    last modified by RSA Admin
  • Windows Agenetless question

    I an runing the agentless collector on about 70 Domain controllers.  I have been running the Wintool each day to look at the status because in genrela the log collection does not seem stable.  Every day I se...
    RSA Admin
    last modified by RSA Admin
  • Odd chars when using dbUpdate_watchlist.cmd

    I have a txt file that is created via a script that parses an enVision report in csv format.  When I open the txt file with notepad it looks just fine.  When I run >dbUpdate_watchlist.cmd TermedEmp 30dTer...
    RSA Admin
    last modified by RSA Admin
  • Powershell and .Net

    Please consider Microsoft Powershell and .Net as approved applications for installation on enVision systems.   Tech support's response currently is:   "You are always permitted to install any application...
    RSA Admin
    last modified by RSA Admin
  • field delimeters in Symantecavmsg.xml

    For those of you have installed last months device update AND you run Symantec Antivirus  (not referring to SEP),  I'm curious to know if anyone has noticed any problems with the way the file parses the...
    RSA Admin
    last modified by RSA Admin
  • Extremely Slow Event Explorer Login

    I've heard slow login's are common with Event Explorer but on all of our machines we are seeing in excess of 10 minutes to login.  Since we are using SSL I not able to fully explore the packet data.   I am...
    RSA Admin
    last modified by RSA Admin
  • Create a report with monthy totals

    Has anyone found a way to create a report that shows monthly totals, spanning over several months?   For example, I'm looking for a way to create a graphical report that shows the total number of MessageID's p...
    RSA Admin
    last modified by RSA Admin
  • Creating an alert based on NIC free disk space - how?!

    Experts,   Is there any way to create an alert based on the free disk of my enVision appliances?  I have a terrible problem of filling up the hard drives on my LCs.  I would like to create an alert th...
    RSA Admin
    last modified by RSA Admin