Log Parser Customize: Appendix A - Select the Reference Log Decoder

Document created by RSA Information Design and Development on Jul 25, 2018Last modified by RSA Information Design and Development on Sep 20, 2018
Version 4Show Document
  • View in full screen mode
 

For version 11.2, RSA has added the ability to add log parsers and log parsing rules through the UI, using the Log Parsers view. The Log Parsers tab is populated based on your reference Log Decoder. If you have more than one Log Decoder, you can select which acts as the reference one for populating the tab in the UI. This topic describes the procedure to do so.

To change the reference log decoder:

  1. In the NetWitness Platform UI, navigate to ADMIN > Services.
  2. For the Content Server, select View > Explore.
  3. From the left navigation panel, expand content > parser.
  4. To set the reference log decoder, enter a value for preferred-log-decoder-name-for-sync.

    Enter the name listed in the Name column on the ADMIN > Services screen for your preferred log decoder.

  5. The change takes effect during the next system sync, based on the log-decoder-sync-interval. To sync sooner, you can do either of the following:

    • To sync immediately, restart the Content Sever: in the ADMIN > Services view, from the Actions menu for the Content Server, select actions menu > Restart.
    • Change the log-decoder-sync-interval parameter from its default of 12 hours to your preferred interval. Note that the minimum value for this parameter is 1 HOUR.
You are here
Table of Contents > Select the Reference Log Decoder

Attachments

    Outcomes