AnsweredAssumed Answered

NwConsole Advanced Help

Question asked by Matthew Chase Employee on Nov 23, 2014
Latest reply on Nov 24, 2014 by RSA Admin

Looking for some detailed answers on NwConsole:


  1. Error handling - using NwConsole in a script and need to implement error handling. What is the list of valid error/return codes that NwConsole can return and what do they mean? It appears that 0 is the default return value regardless of success or failure?
  2. Can NwConsole "track file names" like the SA UI so that we can query if a file has already been loaded?
  3. the NwConsole import command lists the following syntax "import [-noSource] [collection=<collection>] [-create] [node=<node>] filename.ext: I've been able to figure out that -noSource means the sourcefile meta key isn't populated, but what do "collection", "-create" and "node" do?
  4. We're using a single NwConsole command to ingest each pcap file: "NwConsole -c login <decoder ip>:50004 admin <password> -c import <file>" and getting a sporadic error when running the command but only sporadically with the following output:

          >login <ip>:50005 admin <password>  [normal]
           Sever did not return our connection id. Possible cause: SSL may be enabled. [first error message]
           >import <file> [normal]
          You must login first before importing packets to a Decoder." [second error message, probably a result of the first]


Thanks all!