The service configuration files for the Decoder, Log Decoder, Broker, Concentrator, Archiver, and Workbench services are editable as text files. In the Service Config view > Files tab, you can:
View and edit a service configuration file that the Security Analytics system is currently using.
Retrieve and restore the latest backup of the file you are editing.
Push the open file to other services.
Save changes made to a file.
The files available to edit vary depending upon the type of service being configured. The files that are common to all Core services are:
The service index file.
The netwitness file.
The crash reporter file.
The scheduler file.
In addition, the Decoder has files that configure parsers, feed definitions, and a wireless LAN adapter.
Note: The default values in these configuration files are generally good for the most common situations; however, some editing is necessary for optional services, such as the crash reporter or scheduler. Only administrators with a good understanding of the networks and the factors that affect the way services collect and parse data should make changes to these files in the Files tab.