Log Replay for File Based Sources
I am trying to test a parser that I have created for SAP. In the NWLPT tool, I have created the parser and it works all the logs are parsed . When I deploy this on my test system and try to replay logs (both via uploading the log file and via the Log Replay utliity), the logs are identified as Unknown, even though the same parser is uploaded and enabled.
Does the log replay / upload utitlity work for file based log sources? If no, what else could I use for testing if it all working fine before uploading the parser to my PROD environment.
Thanks in advance for the replies and the assistance.
- Community Thread
- Forum Thread
- log replay
- RSA NetWitness
- RSA NetWitness Platform
Are you sure that you reloaded the parsers on your log decoder? Go to Services --> Log Decoder --> Explore --> expand Decoder --> Right-click on parsers and select Properties --> choose "Reload" and click Send. You'll see the below Response Output.
I did that but it did not work. In the end I had to push this to my deployment and it works fine now.
I think the parsing with log replay does not work well with pull based log sources. Maybe I should have hard tagged the event source when doing this testing.
However, thanks for your input .