Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Decoder: (Optional) Configure Meta-Only Decoders

Document created by RSA Information Design and Development Employee on Sep 8, 2020Last modified by RSA Information Design and Development Employee on Jan 6, 2021
Version 5Show Document
  • View in full screen mode

You can configure Decoders so that packets and logs can be processed, and then dropped before they are written to disk. This is called a Meta-Only Decoder, which uses the Meta-Only license, and can save storage space (however, analysts cannot reconstruct events in Investigate if you use this option). The configuration option /decoder/config/packet.write.disabled controls this feature. If this option is set to true, all packets are dropped after parsing, so they are never written to the database. This applies to both Log and Network Decoders. The ingested logs and packets flow through the system normally so that parsing and other operations are not impacted. The default setting is false, which preserves the normal behavior of writing packets to disk.

Note: You must purchase the Meta-Only license before you can realize the full benefit of using this option. For information about purchasing licenses, see the Licensing Management Guide for RSA NetWitness Platform. Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.

To configure a Meta-Only Decoder where packets and logs are parsed and not written to disk:

  1. Go to (Admin) > Services and select a Decoder.
  2. Click > View > Explore, and in the left panel, expand decoder and click config.
  3. In the right pane, go to packet.write.disabled, and change the value from false to true.

Note: You can make this configuration update while capture is running, but the update does not take affect until capture is restarted.

For an example of how to use the Meta-Only license to apply centrally-managed capture policies across your Network Decoders, see (Optional) Configure Selective Network Data Collection

You are here
Table of Contents > Configure Common Settings on a Decoder > Configure Capture Settings > (Optional) Configure Meta-Only Decoders