This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

New File Reader event source?

Go to solution
Anonymous
Not applicable

‎2015-03-25 02:30 PM

Is it possible to create a custom file reader event source?  We want to collect logs but it does not seem to want to accept them using a different one to test. 

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
LeeKirkpatrick
Valued Contributor Valued Contributor
Valued Contributor

‎2015-03-26 05:05 AM

Hi Sean,

 

I would look at the following link:

 

(Optional) Create Custom Content Typespec for File Collection - RSA Security Analytics Documentation

 

It takes you through an explanation of creating your own Typespec to transform the file.

View solution in original post

0 Likes
2 REPLIES 2

Go to solution
LeeKirkpatrick
Valued Contributor Valued Contributor
Valued Contributor

‎2015-03-26 05:05 AM

Hi Sean,

 

I would look at the following link:

 

(Optional) Create Custom Content Typespec for File Collection - RSA Security Analytics Documentation

 

It takes you through an explanation of creating your own Typespec to transform the file.

0 Likes

Go to solution
Anonymous
Not applicable
In response to LeeKirkpatrick

‎2015-04-10 09:39 AM

I think it's a bit optimistic to say the document takes you through it,  🙂  but it does tell you what you need to know.  I'd start with something like the apache.xml and change all references to apache to refer to your parser, and take it from there.

 

You need to restart the logcollector when you change this file.

© 2022 RSA Security LLC or its affiliates. All rights reserved.