Pausing File Reader service on LogDecoder/LogCollector
In SA, I would like to pause the File Reader process on a LogDecoder/LogCollector. I wish to review the files that are getting sent from an event source. I can see in /var/log/messages that the files are being received and successfully processed, but I would like to review the content of a file for troubleshooting purposes.
With the enVision product, I would simply stop the NIC File Reader service to accomplish this task. Is there an equivalent procedure that can be done in SA?
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform