This topic introduces the Decoder and Log Decoder configuration files that are visible in the Services Config view > Files tab.
The Decoder and Log Decoder configuration files are visible and editable in the Services Config view > Files tab. Edit Core Services Configuration Files provides general instructions for editing files.
Like other core Security Analytics services, both the Decoder and Log Decoder have an index file, and may also have a crashreporter, netwitness, and scheduler. The Decoder and Log Decoder index files are named index-decoder.xml and index-logdecoder.xml.
Note: This file type is available only for Log Decoder with Envision content installed. Table-map.xml and table-map-custom.xml will now show up but only if table-map.xml was found on the file system (e.g., it's a log decoder with envision content installed).
|Geo IP Parser||This fixed parser takes the IP addresses and converts them to geographical locations. The locations are displayed through the Google Earth display.|
|Flex Parser||This is a generic parser definition language for extending the existing application protocol support of the Decoder.|
|Feed Definitions File||Used to create custom feeds, this is the XML schema used by the Decoder to define a feed message when it creates a .feed file.|
|Search Parser||This is the Search Parser configuration file, The Search Parser is a custom parser, used to generate metadata by scanning for pre‐defined keywords and regular expressions.|
|Wireless LAN Configuration||This is the wireless LAN configuration file (9/9/2009). This file controls the 802.11 parsers. Its chief purpose is to control decryption of raw 802.11 frames captured by the Decoder.|