Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Decoder: Process Raw Syslog Data without Priority Field

Document created by RSA Information Design and Development Employee on Sep 8, 2020Last modified by RSA Information Design and Development Employee on Jan 6, 2021
Version 5Show Document
  • View in full screen mode
 
 

You have the option to process raw syslog data that does not contain a valid priority (PRI) field.

To configure a Log Decoder to process syslog without a Priority field:

  1. Go to (Admin) > Services, select the Log Decoder service and The actions menu >  View > System.
  2. Select Stop Capture ().
  3. From the drop-down menu, where System is shown, select Explore.
  4. Select decoder > config.
  5. In the capture.device.params field, add the following text, and then click Enter to save the changes:

    requirePri=false

    Capture Device Params field for Log Decoder

  6. From the drop-down menu, where Explore is shown, select System.
  7. Select Start Capture (). The change takes affect after capture is restarted.

You are here
Table of Contents > Configure Common Settings on a Decoder > Configure Capture Settings > (Optional) Process Raw Syslog Data without Priority Field

Attachments

    Outcomes