000026306 - How to manually compile and deploy custom feeds using NwConsole in RSA NetWitness environments

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000026306
Applies ToRSA NetWitness NextGen
RSA NetWitness Decoder
RSA NetWitness Hybrid
RSA NetWitness NwConsole
RSA NetWitness Administrator
IssueHow to manually compile and deploy custom feeds using NwConsole in RSA NetWitness environments.
How do I manually compile and deploy custom feeds to my RSA NetWitness Decoder?
ResolutionPlease follow the following steps:

1.  Using scp, transfer your custom feed xml defintion and csv file to your Decoder. Do NOT copy them to /etc/netwitness/9.0/feeds or /etc/netwitness/ng/feeds.  See the knowledgebase article Creating and Deploying Custom Feeds Using RSA NetWitness Live Manager 2.x
for guidance on creating custom feeds.

2.  SSH to your Decoder.

3.  'cd' to the directory you copied your feed files to.

4.  Run 'NwConsole'

5.  Enter the following command:
     
feed create <yourFeedDefinitionXMLFile>

*  If the command does not succeed, there is a problem with your XML definition and/or csv file.  Please revisit the knowledgebase article Creating and Deploying Custom Feeds Using RSA NetWitness Live Manager 2.x or contact RSA NetWitness Support if you need further assistance.

6.  If successful, enter 'exit'

7.  Copy the new .feed file to /etc/netwitness/9.0/feeds or /etc/netwitness/ng/feeds, depending on the version.

8.  From RSA NetWitness Administrator, connect to and open the Decoder service.

9.  Navigate to the Console tab.

10.  Issue the following command to reload feeds on the Decoder:
     /decoder/parsers feed op=notify
Legacy Article IDa58924

Attachments

    Outcomes