Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032520 - How to restore an RSA Security Analytics Log Collector configuration that was accidentally deleted

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000032520
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Log Collector
Tasks	Every time a change is made to the event source configuration, a backup file of the configuration is created here: /etc/netwitness/ng/NwLogCollector.cfg.x To restore from the backup perform the following steps: Stop the Log Collector service. stop nwlogcollector Navigate to the /etc/netwitness/ng directory. cd /etc/netwitness/ng Create a backup of the NwLogcollector.cfg file as well as the Nwlogcollector.cfg.x file that will be restored. Check the contents of the file to be restored and make sure the deleted event source is available. Move the NwLogcollector.cfg file to another directory (e.g. /root) and rename Nwlogcollector.cfg.x to be Nwlogcollector.cfg instead. Start the Log Collector service again. start nwlogcollector If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.

Attachments

Outcomes

0 Comments

Recommended Content