Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Log Parser Customize: Appendix A - Select the Reference Log Decoder

Document created by RSA Information Design and Development Employee on Jul 25, 2018Last modified by RSA Information Design and Development Employee on Nov 11, 2020
Version 11Show Document
  • View in full screen mode

For version 11.2, RSA has added the ability to add log parsers and log parsing rules through the UI, using the Log Parsers view. The Log Parsers tab is populated based on your reference Log Decoder. If you have more than one Log Decoder, you can select which acts as the reference one for populating the tab in the UI. This topic describes the procedure to do so.

Note: If you have previously set a reference log decoder, make sure that it is at NetWitness version 11.5 or later to get full functionality.

To change the reference log decoder:

  1. In the NetWitness Platform UI, navigate to (Admin) > Services.
  2. For the Content Server, select View > Explore.
  3. From the left navigation panel, expand content > parser.
  4. To set the reference log decoder, enter a value for preferred-log-decoder-name-for-sync.

    Enter the name listed in the Name column on the ADMIN > Services screen for your preferred log decoder.

  5. The change takes effect during the next system sync, based on the log-decoder-sync-interval. To sync sooner, you can do either of the following:

    • To sync immediately, restart the Content Sever: in the (Admin) > Services view, from the Actions menu for the Content Server, select actions menu > Restart.
    • Change the log-decoder-sync-interval parameter from its default of 12 hours to your preferred interval. Note that the minimum value for this parameter is 1 HOUR.

You are here
Table of Contents > Select the Reference Log Decoder