  • No syslog collection option on the VLC

    The syslog collection option isn't showing up for the remote log collector. Not sure why? The other 9 collection methods show, but syslog doesn't on the VLC.
    Visham Rawat
    last modified by Visham Rawat
  • Data Retention Scheduler best practices

    What are the best practices when using the Data Retention Scheduler for NW Packet decoders/concentrators? We typically set the retention to 30 to 90 days. The default for "Run" is every 15 minutes which seems quite lo...
    Richard van den Berg
    last modified by Richard van den Berg
  • RSA archer and NW compatibility

    I'm upgrading to RSA NW 11.3.1 from NW 11.2 and using RSA Archer V6.3. Is my RSA Archer V6.3 compatible with NW 11.3.1, or do I need to upgrade Archer also?
    Rahul Chauhan
    last modified by Rahul Chauhan
  • Palo Alto syslog format for RSA Netwitness

    I would like to know what syslog format Palo Alto sends to RSA Netwitness. By default I have set BSD, but in other SIEMs the syslog formats are CEF or LEEF.
    Leandro Chistoni
    last modified by Leandro Chistoni
  • System Maintenance: /var/log drive is full

    Hello Guys, Good Day! In our environment we are facing /var/log drive full in one of the log decoders. After running du -sh * we came to know that the drive is full due to cd/var/log/rabbitmq . ...
  • SA server not able to fetch node ID details

    Hi all, We are using netwitness 11.1.0, but due to some log collection issue we were trying to remove and re-add the Log collector service in SA server. But now we are not able to add the log collector se...
    rajbir singh
    last modified by rajbir singh
  • correct version not reflecting on host page

    I'm using version 11.2 but my VLC shows as 11.1 on host page, though they are already upgraded to 11.2. Need help..??
    Rahul Chauhan
    created by Rahul Chauhan
  • Syslog Configuration

    Syslog integration: Dear Team, while integrating Syslog, port 514 is not being accepted in the syslog event source in our RSA env 11.3.1.1. Kindly support. Vijay Kumar Tumu 905...
    Siem sdc
    last modified by Siem sdc
  • Excel import to RSA Netwitness and compare it with the traffic

    Hi, may I know how we can import the IOC in Excel sheet into RSA Netwitness, and compare the Excel sheet with the current traffic in the RSA Netwitness to check whether the following IOC in Excel sheet is being ...
    Xue YQ
    last modified by Xue YQ
  • DB2 (Based on Linux) integration

    Hello All, We are in the process of integrating DB2 with RSA netwitness 11.1. We checked the RSA integration document and found DB2 integration for Windows and AIX is already supported. Can...
    rajbir singh
    last modified by rajbir singh
  • Auto-Add Windows Event Sources - addWindowsSources.py

    Date:       30 November, 2016 From:      Tim Underhay (tim.underhay@knowledgekta.com) To:           All Owners...
    Timothy Underhay
    last modified by Timothy Underhay
  • Chef didn't find conf file client.rb

    Hi All, We are facing an issue in installing log decoder and log collector service on log decoder. We found that log collector service is missing on log decoder and while we tried to add it ma...
    rajbir singh
    last modified by rajbir singh
  • Trap OID for Netwitness Admin Server

    Dears, Does anyone know which trap OID we should use in legacy and global notification server settings for SNMP server. I am getting snmp traps in my SNMP server which is IBM Tivoli also k...
    rajbir singh
    last modified by rajbir singh
  • VLC not forwarding logs to Log Decoder (Shovel Failed)

    Hi all, Facing some issue in VLC log forwarding. I found logs are not coming to log decoder and once I checked VLC then found VLC itself not sending logs and showing shovel failed on destination coll...
    rajbir singh
    created by rajbir singh
  • RSA SA 10.6.6 Backup - Error backing /etc directory

    Upgrade from RSA SA 10.6.6 to NetWitness 11.3. I've run the backup script, and am getting the following error for 4 of my 18 machines, others are fine.   2019-09-10 18:32:47 +0100 | 29554 | Backing up ETC(/etc) ...
    Visham Rawat
    last modified by Visham Rawat
  • Netwitness Investigator 10.6 debug mode

    In previous versions of Netwitness Investigator 9.x, there was a debug mode made available for load times. After configuring for debug mode it is possible to find the load times of each meta value and the total l...
    James Stone
    last modified by James Stone
  • Drop behind sessions on Concentrator

    Is there no way to drop the behind sessions from being processed on the Concentrator? For instance, we can delete the rdq files from the Log Decoder. Is there no similar way on the Concentrator?
    Visham Rawat
    last modified by Visham Rawat
  • Concentrator - Aggregation Settings

    What exactly is Aggregate Hours?   The description says - "the hours back to begin aggregation, the milliseconds between rounds of aggregation, and maximum number of sessions per aggregation round."   W...
    Visham Rawat
    last modified by Visham Rawat
  • RSA SA to NetWitness Migration - Downtime

    In upgrading from RSA SA 10.6.6 to NetWitness 11.3 - the downtime begins as soon as we run the backup script, right? We've got to stop the aggregation and processing of logs prior to executing backup. Also, the ...
    Visham Rawat
    created by Visham Rawat
  • External Backup Host for Upgrade to 11.3

    Is there an alternative to setting up an external CentOS backup host for the backup procedure prior to migration to 11.3?   I was informed that we can use the SA Head Unit as the backup host. Can this be done? ...
    Visham Rawat
    last modified by Visham Rawat