2018-09-26 03:53 AM
Hello,
Please help me in resolving the below error,
[generic:sslerror_log.2018.09.26.12.58-nic.20180926130151-1.tmp] Error processing file sslerror_log.2018.09.26.12.58-nic.20180926130151-1.tmp: No delimiter found within 1048576 bytes.
2019-02-11 12:37 AM
Hello Moses
It appears you are using the NetWitness Log Decoder for a device type that collects logs using the File Collection method.
When the Log Decoder parses the contents of an sftp uploaded file (which in your error message is sslerror_log.2018.09.26.12.58-nic.20180926130151-1.tmp), it looks for a delimiter character that separates each line of a log message.
For example, a line delimiter can be the carriage return and linefeed characters (CRLF = ASCII 0x0d 0x0a).
If the line delimiter is not found within the first 1MB of the file, then the Log Decoder throws this error.
The line delimiter will be different depending on what device type you have configured in Event Sources, File.
You can look on the NetWitness Log Decoder appliance in the /etc/netwitness/ng/logcollection/content/collection/file directory for the different device types for the File Collection method.
Look for the <lineDelim> value in the device type file, to see what line delimiter character the Log Decoder is looking for.
For example, the Apache Tomcat apachetomcat.xml file is looking for a "\n" (newline = LF = ASCII 0x0a) character to separate each log message.
# grep lineDelim /etc/netwitness/ng/logcollection/content/collection/file/apachetomcat.xml
<lineDelim>\n</lineDelim>
Once you know the line delimiter for your chosen device type, check if it appears in the files getting sftp uploaded to NetWitness.
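
One way to run the check described in the reply above, as an added example that is not part of the thread or of NetWitness tooling. The function names are hypothetical, the delimiter is passed as hex bytes, and the 1048576-byte window is taken from the error message.

```shell
#!/bin/sh
# Added example: does a line delimiter occur within the first 1048576 bytes
# of a file, the window quoted in the Log Decoder error message?
LIMIT=1048576

# delim_in_window FILE HEX   (hypothetical helper)
#   HEX is the delimiter as space-separated lowercase hex bytes:
#   "0a" for \n (LF), "0d 0a" for \r\n (CRLF).
#   Returns 0 if the delimiter occurs in the first LIMIT bytes, 1 otherwise.
delim_in_window() {
    # od prints one two-digit token per byte; -v stops it collapsing repeated
    # lines. Flattening to one space-separated line keeps the match
    # byte-aligned, so "0a" can never match across two neighbouring bytes.
    head -c "$LIMIT" "$1" | od -An -v -tx1 | tr '\n' ' ' | tr -s ' ' |
        grep -q " $2"
}

# report FILE: say which of the two delimiters named in the thread is present.
report() {
    for hex in "0d 0a" "0a"; do
        if delim_in_window "$1" "$hex"; then
            echo "$1: delimiter [$hex] found within first $LIMIT bytes"
        else
            echo "$1: delimiter [$hex] NOT found within first $LIMIT bytes"
        fi
    done
}

# Run against files named on the command line, e.g. a copy of an uploaded file.
for f in "$@"; do
    report "$f"
done
```

A file that reports NOT found for the delimiter in its device type's <lineDelim> is one that would trigger the error; typical causes are a different line ending at the source or a single log line longer than the window.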