Sys Maintenance: NwLogPlayer

Document created by RSA Information Design and Development Employee on Jul 28, 2016. Last modified by RSA Information Design and Development Employee on Aug 1, 2017.
Version 2

NwLogPlayer is a utility that simulates syslog traffic. In the hosted environment, NwLogPlayer.exe is a command-line utility located on the RSA Security Analytics Client machine in the following directory:

C:\Program Files\NetWitness\NetWitness 9.8 

NwLogPlayer is also located on the Log Decoder host in /usr/bin.


At the command line, type nwlogplayer.exe -h to list the available options, as reproduced here:

--priority arg                      set log priority level
-h [ --help ]                       show this message
-f [ --file ] arg (=stdin)          input message; defaults to stdin
-d [ --dir ] arg                    input directory
-s [ --server ] arg (=localhost)    remote server; defaults to localhost
-p [ --port ] arg (=514)            remote port; defaults to 514
-r [ --raw ] arg (=0)               Determines raw mode.
  • 0 = add priority mark (default)
  • 1 = File contents will be copied line by line to the server.
  • 3 = auto detect
  • 4 = enVision stream
  • 5 = binary object
-m [ --memory ] arg                 Speed test mode. Reads up to 1 megabyte of messages from the file content and replays them.
--rate arg                          Number of events per second. This argument has no effect if rate > eps that the program can achieve in continuous mode.
--maxcnt arg                        maximum number of messages to be sent
-c [ --multiconn ]                  multiple connection
-t [ --time ] arg                   simulate time stamp time; format is yyyy-m-d-hh:mm:ss
-v [ --verbose ]                    If true, output is verbose
--ip arg                            simulate an IP tag
--ssl                               use SSL to connect
--certdir arg                       OpenSSL certificate authority directory
--clientcert arg                    use this PEM-encoded SSL client certificate
--udp                               send in UDP
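
The wrapper below is an added example, not part of the original page or RSA's code. It checks arguments against the option values listed above before replaying a file, for instance when testing a parser or detection rule against known log lines. The `NWLP` variable, the file name `sample.log`, the address `192.0.2.10` and the `/usr/bin/NwLogPlayer` binary name are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not RSA's code. Validates arguments against the option
# values listed above, then replays a log file to a Log Decoder.
# NWLP (hypothetical variable) overrides the binary; NWLP=echo is a dry run.

# replay_logs FILE SERVER RAW RATE MAXCNT [TIME]
replay_logs() (
    file=$1 server=$2 raw=$3 rate=$4 maxcnt=$5 ts=${6:-}

    # Raw modes listed in the help output: 0, 1, 3, 4, 5 (2 is not listed).
    case $raw in
        0|1|3|4|5) ;;
        *) echo "unsupported raw mode: $raw" >&2; exit 1 ;;
    esac

    # --rate and --maxcnt must be positive integers.
    for n in "$rate" "$maxcnt"; do
        case $n in
            ''|0*|*[!0-9]*) echo "not a positive integer: $n" >&2; exit 1 ;;
        esac
    done

    set -- -f "$file" -s "$server" -p 514 -r "$raw" \
           --rate "$rate" --maxcnt "$maxcnt"

    # -t takes yyyy-m-d-hh:mm:ss; one- or two-digit month and day are
    # accepted here (an interpretation of that format string).
    if [ -n "$ts" ]; then
        y='[0-9][0-9][0-9][0-9]' d='[0-9]' t='[0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
        case $ts in
            $y-$d-$d-$t|$y-$d-$d$d-$t|$y-$d$d-$d-$t|$y-$d$d-$d$d-$t) ;;
            *) echo "bad time stamp: $ts" >&2; exit 1 ;;
        esac
        set -- "$@" -t "$ts"
    fi

    # Assumed binary path on the Log Decoder host; override with NWLP.
    "${NWLP:-/usr/bin/NwLogPlayer}" "$@"
)

# Dry run with constructed values: prints the arguments instead of sending.
NWLP=echo replay_logs sample.log 192.0.2.10 1 100 500 2017-8-1-09:30:00
```

Capping `--maxcnt` and `--rate` on every test replay keeps a mistyped command from flooding a production Log Decoder with simulated events.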