|Applies To||RSA Security Analytics|
RSA Security Analytics Log Collector
RSA NetWitness NextGen
|Issue||How to add custom meta keys for log collection to an RSA Security Analytics Log Collector.|
The enVision log collection meta keys mapping information is stored in /etc/netwitness/ng/envision/etc/table-map.xml.
Making changes in that file could be overwritten by an ESU Update so it is better to put changes in a new file called /etc/netwitness/ng/envision/etc/table-map-custom.xml that should override the existing table-map.xml
A typical entry in table-map-custom.xml would look like the following:
Users then need to restart the nwlogdecoder service for changes to take effect.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
|Legacy Article ID||a66616|