000036562 - How to enable a log decoder in RSA NetWitness Logs & Network to process raw syslog data that does not contain a valid priority field

Document created by RSA Customer Support Employee on Sep 26, 2018
Version 1

Article Content

Article Number: 000036562

Applies To:
RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 10.6.5, 11.1.0.0

Issue:
In versions 10.6.5+ and 11.1+, the Log Decoder has an option to process raw syslog data that does not contain a valid priority (<PRI>) field. In previous versions, such syslog messages were dropped by the decoder and not processed at all.

Resolution:
1. Go to the Log Decoder Explore page.
2. Open the Log Decoder config.
3. Find capture.device.params.
4. Add requirePri=false
5. Restart the Log Decoder service.
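
Before changing the setting, it helps to know which sources send lines without a usable priority. The following is an added example, not RSA code: a Python check that applies the RFC 3164 / RFC 5424 PRI rules (angle brackets, value 0 to 191, no leading zeros) to constructed sample lines. That the Log Decoder uses exactly these rules is an assumption, and the names parse_pri and triage are hypothetical.

```python
import re

# PRI rules from RFC 3164 / RFC 5424: "<" + 1-3 digits + ">", value 0..191,
# no leading zeros except "<0>". Assumed (not confirmed by the article) to be
# what the Log Decoder treats as a "valid priority".
_PRI_RE = re.compile(r"^<(0|[1-9][0-9]{0,2})>")

def parse_pri(line):
    """Return (facility, severity) for a valid leading PRI, else None."""
    m = _PRI_RE.match(line)
    if m is None:
        return None
    prival = int(m.group(1))
    if prival > 191:          # max is facility 23 * 8 + severity 7
        return None
    return divmod(prival, 8)  # facility = prival // 8, severity = prival % 8

def triage(lines):
    """Count lines with a valid PRI and collect the ones without for review."""
    report = {"valid": 0, "no_pri": []}
    for line in lines:
        if parse_pri(line) is None:
            report["no_pri"].append(line)
        else:
            report["valid"] += 1
    return report

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1 on /dev/pts/8",
    "<165>1 2018-09-26T10:00:00Z host2 app 1234 ID47 - service started",
    "Sep 26 10:00:01 host3 sshd[411]: Accepted publickey for user2",  # no PRI
    "<999>Sep 26 10:00:02 host4 kernel: link up",                     # out of range
    "<034>Sep 26 10:00:03 host5 cron[77]: job finished",              # leading zero
    "<>Sep 26 10:00:04 host6 app: empty priority",                    # empty PRI
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{result['valid']} line(s) with a valid PRI")
    for line in result["no_pri"]:
        print("no valid PRI:", line)
```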
