It may be necessary to perform a data reset on a decoder for any number of reasons including:
- Corruption on databases (in addition to the Index, which can easily be reset itself without data reset)
- Removing all data on the device
Follow these steps in the RSA Security Analytics UI to perform a data reset on a Decoder:
- Navigate to Admin > Services > Decoder > View > System.
- On the Decoder's System page, press the "Stop Capture" button to stop capture - it may take some time for the "Capture has stopped" message to appear.
- Navigate to Admin > Services > the upstream Concentrator > View > Config > General tab.
- Under "Aggregate Services," remove the Decoder from the Concentrator by selecting it and pressing the minus (-) button in the options just below the words "Aggregate Services."
- Navigate to Admin > Services > Decoder from Step 1 > Explore.
- Right-click the "decoder" directory and click on the "Properties" option.
- In the drop-down menu, choose "reset", type "data=1" in the parameters, and click Send. The output will provide you with a verification value that you will have to type after the existing parameters ("data=1") and then click Send once more.
- For example: "data=1 verify=1234567890"
- This will cause all databases to be zeroed and the Decoder service will be restarted automatically. If there is a lot of data on the Decoder, it may be a minute or two while the system deletes the database files.
- Once you can connect back to the Decoder using the RSA Security Analytics UI, you can also add the Decoder back into the upstream Concentrator.