|Applies To||RSA Product Set: NetWitness Logs & Network|
RSA Product/Service Type: NetWitness Logs & Network
RSA Version/Condition: 11.2.0, 11.3.0
|Issue||Why do you see a mounted logdecoder partition on a packet hybrid when reimaging to 11.2 or later? Shouldn't this be mounted to /var/netwitness/decoder?|
You would see the reverse on a log hybrid with a /var/netwitness/decoder partition. Shouldn't this be mounted to /var/netwitness/logdecoder?
|Resolution||This is expected behavior. /etc/fstab has a bind mount for /var/netwitness/logdecoder/ and /var/netwitness/decoder. They both point and write to the same place.|
The idea was that there would not have to be separate kickstart selections for each of the S6/S5 packet/log hybrid models: the filesystem layout would be suitable for either.
Warning: Do not modify this configuration as any future modification that was planned for both log and packet hybrids may not be consistent.