Hello, I have custom logs that I would like to upload to rsa netwitness via the RESTful API. get the address and the port of my decoder but I have the following error message:" 400 Bad Request: Packet import can not execute while live capture is running". Actually in the documentation: RESTful API User Guide for RSA NetWitness® Platform 11.x
it is well indicated on page 10 that: "Note: The DECODER cannot be competitively importing or capturing, or an error results."
How we can do ? Is it then necessary to dedicate a decoder to the reception of logs uploaded via API-REST ?
Best regards
If you are uploading logs you can use nwlogplayer binary to replay logs to the capture interface of the LD without needing to stop capture
I use the process to script uploading of logs via nwlogplayer (yum install nwlogplayer)
If you are uploading via the sdk you must stop capture before uploading. I wrote this script to help me with the process (stop capture, upload file, start capture).