@IACCS_SIEM
What type of logs are being forwarded to your VLC? Are they syslogs, Windows logs, etc.? Can you confirm that the VLC is correctly connected to the log decoder? Is your VLC setup to push items to the log decoder or is the log collector on the log decoder setup to pull them from the VLC? It is important to know that you cannot have it setup to do both ways as it will not work. You have to decide which way is best for your environment. By default we suggest pulling from the VLC to the Log Decoder's log collector.
Please review the following documentation: https://community.netwitness.com/t5/netwitness-platform-online/log-collection-configuration-guide-for-12-4/ta-p/709111
Start at page 12 and review how to connect the VLC to the log collector. Looking over this documentation may help determine if a step was missed or if something was incorrectly configured. If it continues to be an issue, I highly suggest opening a NetWitness Support case as it may be a more complex issue.
It is also important to note that you should be on 12.3 or above as older versions are no longer supported by NetWitness. If you aren't on 12.4.0 or above, you really need to upgrade as soon as possible as the underlying CentOS 7 is no longer a supported operating system.
