AnsweredAssumed Answered

Pausing File Reader service on LogDecoder/LogCollector

Question asked by RSA Admin Employee on Nov 7, 2014

Greetings.

 

In SA, I would like to pause the File Reader process on a LogDecoder/LogCollector.  I wish to review the files that are getting sent from an event source.  I can see in /var/log/messages that the files are being received and successfully processed, but I would like to review the content of a file for troubleshooting purposes.

 

With the enVision product, I would simply stop the NIC File Reader service to accomplish this task.  Is there an equivalent procedure that can be done in SA?

Outcomes