This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Not able to start log decoder, status: Initialization error

Go to solution
huanzhou1
Beginner
Beginner

‎2013-09-21 11:33 PM

Tried to check the /var/log/message, it said:

 

Sep 22 10:52:45 NWAPPLIANCE21990 nw[3690]: [Engine] [warning] Module logdecoder failed to load: Envision content file /etc/netwitness/ng/envision/etc/ipaddr.tab not found, please load envision content and restart Diagnostic information: /home/hudson/workspace/ng-10.2-linux-tagged-release/label/centos6/src/NwLogParse

 

Any idea where should i get the file?

 

Thank you.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
AdamRasnick
Beginner
Beginner
In response to huanzhou1

‎2013-11-15 01:59 PM

Hey Patriot, yes you will need to get at least a "Basic" Live account to download the Envision content file.  When I show up on site at a customer location, one of the first things I do is reach out to support to have them create the "Basic" account for Live.  Once they have done this, they will email you the credentials.  Every customer that has purchased SA is granted a "Basic" account.  Its just up to you as the PS to request the account creation and creds for the account.  Once you have installed all the devices and licensed everything, the Log Decoder will come up and show "Initialization Error", then you go and search Live for the Envision Content, push it out to the Log Decoder.  It will restart the service on its own and you will be set to go.

View solution in original post

0 Likes
14 REPLIES 14

Go to solution
Anonymous
Not applicable

‎2013-09-23 08:50 AM

Hi Patriot,

Did you actually load the enVision content through LiveManager?

 

If not, perform a search with Live and for the keyword type in envision.

 

Download the content and deploy this to your Log Decoder.

 

If the content is not loaded, you will get this type of error.

 

 

Thanks,

Bricks...

0 Likes

Go to solution
huanzhou1
Beginner
Beginner
In response to Anonymous

‎2013-09-23 08:53 AM

I don't have live account in this demo system. And i think i didn't load any envision content, how to remove this? Thanks.

 

The IPDB Extractor has the simillar error:

NWAPPLIANCE30859 (IPDB Extractor) Initialization Error


below is the log:

ѺLp Engine 10.2.5.6-1 (Aug 20 2013) 64 bit Startingeine Stats  id: 3097Cing /var/netwitness/ipdbextractor/sessiondb of max size 37.96 GB}g 0 objects with ID range 0 to 0o350ge file found at /etc/netwitness/ng/index-ipdbextractor.xml, using default languagevUit"ion unknown (consider using BOOST_THROW_EXCEPTION)

Dynamic exception type: nw::ipdbextractor::InitError

std::exception::what: Failed to read dir file from location /var/netwitness/ipdbextractor/devicelocation/global/local/directory/

ineƒource '/decoder/import'QRdmin (session 528, 192.168.253.91:37571) has logged in

[root@NWAPPLIANCE30859 ipdbextractor]# more NwServerLog-000000012.log

ѺLp Engine 10.2.5.6-1 (Aug 20 2013) 64 bit Startingeine Stats  id: 3097Cing /var/netwitness/ipdbextractor/sessiondb of max size 37.96 GB}g 0 objects with ID range 0 to 0o350ge file found at /etc/netwitness/ng/index-ipdbextractor.xml, using default languagevUit"ion unknown (consider using BOOST_THROW_EXCEPTION)

Dynamic exception type: nw::ipdbextractor::InitError

std::exception::what: Failed to read dir file from location /var/netwitness/ipdbextractor/devicelocation/global/local/directory/

ineƒource '/decoder/import'QRdmin (session 528, 192.168.253.91:37571) has logged in

 

Thank you.

0 Likes

Go to solution
Anonymous
Not applicable
In response to huanzhou1

‎2013-09-23 11:18 AM

Pretty sure you need the enVision content to boot the log decoder process successfully.

 

 

Thanks.

0 Likes

Go to solution
huanzhou1
Beginner
Beginner
In response to Anonymous

‎2013-09-23 12:03 PM

Thanks. I copied the envision files from another working server then restarted, everything ok now.

 

Need the live account to download envision by default? Why the appliance doesn't include it?

0 Likes

Go to solution
AdamRasnick
Beginner
Beginner
In response to huanzhou1

‎2013-11-15 01:59 PM

Hey Patriot, yes you will need to get at least a "Basic" Live account to download the Envision content file.  When I show up on site at a customer location, one of the first things I do is reach out to support to have them create the "Basic" account for Live.  Once they have done this, they will email you the credentials.  Every customer that has purchased SA is granted a "Basic" account.  Its just up to you as the PS to request the account creation and creds for the account.  Once you have installed all the devices and licensed everything, the Log Decoder will come up and show "Initialization Error", then you go and search Live for the Envision Content, push it out to the Log Decoder.  It will restart the service on its own and you will be set to go.

0 Likes

Go to solution
huanzhou1
Beginner
Beginner
In response to AdamRasnick

‎2013-11-15 11:03 PM

yes, i got the live account and configured the ipdbextractor accordingly. however when i created the rule but there is no data. I opened a support case and waiting for the reply.

0 Likes

Go to solution
Anonymous
Not applicable

‎2014-01-09 11:58 AM

Hi folks. How is everything?

 

Well, I have the same problem. I try to find the enVision Content File at Live and I don't have success.

 

I'm using the last version 10.3 SP1 on my environment.

 

Please, I would like to request your help.

 

Thanks

0 Likes

Go to solution
huanzhou1
Beginner
Beginner
In response to Anonymous

‎2014-01-10 10:35 AM

have you configured the live account? tested connection?

0 Likes

Go to solution
Anonymous
Not applicable

‎2014-01-10 11:00 AM

Hi patriot3w! Yes, it was configured correctly.

 

Yesterday, I opened a ticket at the RSA and had the solution. I only had access for packets resources, and then I couldn't see/find the enVision Content File.

 

Was necessary to adjust my live account together the RSA.

 

Thanks

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.