The syslog collection option isn't showing up for the remote log collector. Not sure why? The other 9 collection methods show, but syslog doesn't on the VLC.
How was the VLC installed? ISO or OVA?
The local collectors do not have a syslog option where as the VLC does. I am curious if somehow your VLC thinks it is a LC
I'm not sure. The build team deployed the RC in AWS
on the affected VLC , can you run the command below and check its content if showing "LC" or "RC" :
if showing LC, then you are hitting a known bug and to fix you need to do the following :
1. Stop nwlogcollector on VLC:
2. Delete the content of File /etc/netwitness/ng/logcollection/logCollectionType if it's showing string "LC" :
3. After deleting, save the file and exit.
4. Run the following command (Note: DO NOT USE vi or echo to write in to the file as it will create an extra line which will invalidate the file):
printf RC > /etc/netwitness/ng/logcollection/logCollectionType
5. Start nwlogcollector
6. Now check the status of the “syslog” collection on the VLC which should now be displayed
Ran the command - it shows 'RC'
Strange thing - I see nothing in the Explore view for the VLC and on the System view all I see is Collection (see attached snapshots).
Any idea why this could be? Is it due to some port not being open between SA and the RC?
Retrieving data ...