I was looking over the rhlinux parser and noticed there are some VARTYPE tags at the top of the file after the version.
Where can I find some documentation on this tag?
Also, after loading the parser into NWLPT1.1, I can't seem to find this information displayed anywhere.
I should also mention we are running Netwitness 11.2.0.1.
Ron
Hello Ronald
I have found the following attached document (Typed+Variables.pdf) describing the use of VARTYPE validation during header matching, so that it can be used to resolve conflicts within a single device. There are cases where, because of unavoidable ambiguity, a higher-order priority header will incorrectly match a message.
This can be a very powerful feature and needs to be used very carefully; it can work positively or negatively in a parser.