This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Gather log parsers version information

MaximSiyazov1
Beginner
Beginner

‎2017-06-21 02:12 PM

Is there a way to gather a version information of currently deployed on log decoders parsers? 

The command "/decoder/parsers devices" returns just list of parsers without version information.

0 Likes
3 REPLIES 3

NaushadKasu1
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2017-06-21 02:18 PM

You can run this on the Log Decoder via SSH:

 

find /etc/netwitness/ng/envision/etc/devices/ -name "*msg.xml" -type f -print -exec egrep -i "revision=|xml=" {} \;

 

Should give you an good starting point to understand the revisions of the parsers that exist if you need to compare it against another parser.

0 Likes

MaximSiyazov1
Beginner
Beginner
In response to NaushadKasu1

‎2017-06-21 02:59 PM

Thanks. I was thinking about some API call to gather that maybe through the Explore view. I am not very keen on giving the ssh root access to a person who just needs to know a parser's version. 

Generally speaking, RSA SA has lots of different content across different devices but lacking a good manageability of it. 

I technically can post the output of such a script to the SA server's http folder but it would be great to have this information out of the box.  

0 Likes

JoeGumke
Beginner
Beginner
In response to MaximSiyazov1

‎2017-06-22 08:17 AM

Hey Maxim,

 

I'd recommend checking this link out to help : https://community.rsa.com/docs/DOC-61644 

© 2022 RSA Security LLC or its affiliates. All rights reserved.