000026308 - What are the known issues with RSA NetWitness NextGen

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000026308
Applies To: RSA NetWitness NextGen


This solution complements the release notes for NetWitness NextGen. This list is intended to provide information on issues discovered since release that may have an impact on the operation of your NetWitness appliances and software. Refer to each issue's accompanying solution for more information.

Known Issues With NextGen

Issue 1:  The Investigator 9.8 Demo collection is indexed differently. Investigator 9.7 crashes if Investigator 9.8 is installed.

Please see the knowledgebase article RSA NetWitness Investigator 9.7 or 9.6 will not open when version 9.8 is installed to fix this issue.


Issue 2:  IMPORTANT: At this time, customers who are using enVision/Z-Connector should NOT upgrade to 9.8 due to a known incompatibility between the enVision Z-Connector and LogDecoder 9.8. This is a known issue (Jira Nex-1602) and will be fixed in the next release of NextGen.



Issue 3:  IMPORTANT: CentOS6 decoder BPF rules are not saved and are removed from NwDecoder.cfg. This is a known issue (Jira NEX-1614) and will be fixed in the next release of NextGen.


There is no workaround at this time.


Issue 4:  IMPORTANT: We have modified the upgrade instructions so that the customer stops the service being upgraded prior to the upgrade, to ensure that the configuration(s) are successfully moved during the upgrade process.


  • IMPORTANT: During this process we encourage users to stop the service being upgraded (decoder, logdecoder, concentrator, broker). To do this, please see the Upgrade instructions attached below.
  • IMPORTANT: Additionally, once the appropriate service has been stopped, we encourage customers to make a back-up copy of the /etc/netwitness/9.0 directory by performing the following:

       cd /etc/netwitness
       mkdir 9.0_bak
       cd 9.0
       cp -r * ../9.0_bak
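
The backup step above can be extended so that the copy is verified and, after the upgrade, compared against the live directory to show which configuration files were changed or dropped (the concern in Issues 3 and 4). This is an added example, not RSA's procedure or code; the function names backup_config and config_drift are hypothetical, and it assumes a POSIX shell with cp, diff, cmp and find.

```shell
#!/bin/sh
# Added example (not from the RSA article). Function names are hypothetical.

# backup_config SRC DEST
# Copy SRC into a new DEST directory, then verify the copy byte for byte.
backup_config() {
    src=$1; dest=$2
    if [ ! -d "$src" ]; then
        echo "no such directory: $src" >&2; return 1
    fi
    # Never overwrite an earlier backup: it may be the only pre-upgrade copy.
    if [ -e "$dest" ]; then
        echo "backup already exists: $dest" >&2; return 1
    fi
    mkdir -p "$dest" || return 1
    # "SRC/." also copies hidden files, which "cp -r *" skips;
    # -p preserves file modes and timestamps.
    cp -Rp "$src/." "$dest/" || return 1
    if ! diff -r "$src" "$dest" >/dev/null; then
        echo "verification failed: $dest differs from $src" >&2; return 1
    fi
}

# config_drift BACKUP LIVE
# Print one line per backed-up file that is MISSING from, or CHANGED in, LIVE.
# No output means every backed-up file survived the upgrade unchanged.
config_drift() {
    backup=$1; live=$2
    (cd "$backup" && find . -type f | sort) | while IFS= read -r f; do
        if [ ! -f "$live/$f" ]; then
            echo "MISSING ${f#./}"
        elif ! cmp -s "$backup/$f" "$live/$f"; then
            echo "CHANGED ${f#./}"
        fi
    done
}

# Usage with the paths from this article (run as root, service stopped):
#   backup_config /etc/netwitness/9.0 /etc/netwitness/9.0_bak
#   ...perform the upgrade...
#   config_drift /etc/netwitness/9.0_bak /etc/netwitness/9.0
```

A CHANGED line for NwDecoder.cfg after the upgrade is the cue to diff it against the backup and check whether settings such as the BPF rules from Issue 3 were dropped.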

Legacy Article ID: a59819