The Decoder and Log Decoder configuration files are visible and editable in the (Admin) > Services > Config view > Files tab. "Edit Core Services Configuration Files" in the Hosts and Services Getting Started Guide provides general instructions for editing files. (Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.)
Like other Core services, both the Decoder and Log Decoder have an index file, and may also have crashreporter, netwitness, and scheduler files. The Decoder and Log Decoder index files are named index-decoder-custom.xml and index-logdecoder-custom.xml.
Note: Table-map.xml and table-map-custom.xml are available only for Log Decoders with log content installed.
What do you want to do?
|User Role||I want to...||Documentation|
|Administrator||obtain log files from pre-11.0 Log Decoder||Obtain Log Files from a Pre-11.0 Log Decoder|
|Administrator||edit files and parsers|
- Decoder and Log Decoder Quick Setup
- Create Custom Meta Keys Using a Custom Feed
|File||Description|
|GeoPrivate.ipl||This fixed parser converts IP addresses to geographical locations. The locations are displayed through the Google Earth display.|
|feed-definitions.xml||Used to create custom feeds, this is the XML schema used by the Decoder to define a feed message when it creates a .feed file.|
|traffic_flow_options.lua||Used to provide directionality information. Update this file with environment-specific internal and external subnets for the Lua parser to create proper directionality in metadata. The parser is described in RSA Content for RSA NetWitness Platform.|
|search.ini||This is the Search Parser configuration file. The Search Parser is a custom parser, used to generate metadata by scanning for pre-defined keywords and regular expressions.|
|wlan-config.xml||This is the wireless LAN configuration file (9/9/2009). This file controls the 802.11 parsers. Its chief purpose is to control decryption of raw 802.11 frames captured by the Decoder.|