This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Feeds Varies in Packet Decoders

Go to solution
pranavsankar1
Beginner
Beginner

‎2016-06-21 03:38 AM

Hi All ,

 

When checking in feeds of decoders,inspected that in Log decoders parser/feeds using (ls -l | wc -l) im getting the same number across all Log decoders. But in Packet Decoders it varies.

 

1.What could be the reason?

2.What the feeds number represent ?

 

Thanks in advance

 

Regards

Pranav Sankar

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
EricPartington
Employee
Employee

‎2016-06-24 12:05 PM

check for the feeds deployed that might be custom in your environment and make sure the decoders configured make sense to you

Main menu > rsa live > feeds

check each one to make sure that they are deployed to the right *decoders or group that includes what you want it to.

 

to check the RSA Live feeds you need to check whats subscribed and deployed .  Also see if service groups have been created and if all your * decoders are in the right groups.  if you have deployed content (feeds) to groups but the groups are not set properly then you will see uneven content.

View solution in original post

0 Likes
2 REPLIES 2

Go to solution
Anonymous
Not applicable

‎2016-06-21 09:02 AM

Could be anything really.  Try to do a side by side comparison.  There could be some feeds that are really specific for packets than logs and vice-versa.

0 Likes

Go to solution
EricPartington
Employee
Employee

‎2016-06-24 12:05 PM

check for the feeds deployed that might be custom in your environment and make sure the decoders configured make sense to you

Main menu > rsa live > feeds

check each one to make sure that they are deployed to the right *decoders or group that includes what you want it to.

 

to check the RSA Live feeds you need to check whats subscribed and deployed .  Also see if service groups have been created and if all your * decoders are in the right groups.  if you have deployed content (feeds) to groups but the groups are not set properly then you will see uneven content.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.