Looking for some detailed answers on NwConsole:
- Error handling - using NwConsole in a script and need to implement error handling. What is the list of valid error/return codes that NwConsole can return and what do they mean? It appears that 0 is the default return value regardless of success or failure?
- Can NwConsole "track file names" like the SA UI so that we can query if a file has already been loaded?
- the NwConsole import command lists the following syntax "import [-noSource] [collection=<collection>] [-create] [node=<node>] filename.ext: I've been able to figure out that -noSource means the sourcefile meta key isn't populated, but what do "collection", "-create" and "node" do?
- We're using a single NwConsole command to ingest each pcap file: "NwConsole -c login <decoder ip>:50004 admin <password> -c import <file>" and getting a sporadic error when running the command but only sporadically with the following output:
>login <ip>:50005 admin <password> [normal]
Sever did not return our connection id. Possible cause: SSL may be enabled. [first error message]
>import <file> [normal]
You must login first before importing packets to a Decoder." [second error message, probably a result of the first]