Upload Log to Decoder not enabled?
How can I enable the Upload Log File button, which is currently grayed out/disabled in Admin -> Services -> [our log decoder] -> System? When I mouse over it, the tooltip says "upload logs from local files to undefined for processing"
How can I define the "undefined"?
Any suggestions? Thank you in advance for any/all help!
You have to stop capture on the Log Decoder (done on the same screen, button right now to Upload Load File). Once the Log Decoder stops the capture completely (takes a few seconds), then the Upload Log File will be active for you to click and load/inject your log file.
Naushad A Kasu | Senior Practice Consultant, Professional Services | RSA | m: 612.772.5843 | e: email@example.com<mailto:firstname.lastname@example.org> | www.rsa.com<http://www.rsa.com/>
UPCOMING OUT OF OFFICE
Conference: Training: October 3-6
Another option is to copy NwConsole to a CentOs workstation (ver 6.7 is best) and upload the packets.
This way the decoder capture can be running to import the packets
cd to directory where the packets are located
> login decoder:50004 admin password
<decoder:50004]> import *.pcap (The import prefer to have .pcap extension to import)
The other option is to mount the drive on a decoder and do the above.
If you are going to import packets quite often, I also suggest you create an account for that decoder under the security tab with a role of decoder.manage (only) and a user account that use that role only. That account can only import packets from that decoder for better security.
You can also investigate using NwLogplayer to replay the logs to a log decoder/VLC
NwLogPlayer -r 1 --rate 1 -f /DemoTools/logs/relay_10.6.2.log -s 192.168.1.118 -p 514
It might not be installed OOTB on the log decoder but you should be able to install the package from yum manually from the RSA repo.