NetWitness Community

VishamRawat · ‎2019-05-22

The syslog collection option isn't showing up for the remote log collector. Not sure why? The other 9 collection methods show, but syslog doesn't on the VLC.

DaveGlover · ‎2019-05-22

How was the VLC installed? ISO or OVA?

The local collectors do not have a syslog option where as the VLC does. I am curious if somehow your VLC thinks it is a LC

HamedTorabi · ‎2019-05-22

on the affected VLC , can you run the command below and check its content if showing "LC" or "RC" :

cat /etc/netwitness/ng/logcollection/logCollectionType

if showing LC, then you are hitting a known bug and to fix you need to do the following :

1. Stop nwlogcollector on VLC:

stop nwlogcollector

2. Delete the content of File /etc/netwitness/ng/logcollection/logCollectionType if it's showing string "LC" :

3. After deleting, save the file and exit.

4. Run the following command (Note: DO NOT USE vi or echo to write in to the file as it will create an extra line which will invalidate the file):

printf RC > /etc/netwitness/ng/logcollection/logCollectionType

5. Start nwlogcollector

start nwlogcollector

6. Now check the status of the “syslog” collection on the VLC which should now be displayed

VishamRawat · ‎2019-05-22

Hi Dave,

I'm not sure. The build team deployed the RC in AWS

VishamRawat · ‎2019-05-22

Hi Hamed,

Ran the command - it shows 'RC'

VishamRawat · ‎2019-05-22

Strange thing - I see nothing in the Explore view for the VLC and on the System view all I see is Collection (see attached snapshots).

Any idea why this could be? Is it due to some port not being open between SA and the RC?

NetWitness Community

No syslog collection option on the VLC