2017-08-30 11:50 AM
How can I enable the Upload Log File button, which is currently grayed out/disabled in Admin -> Services -> [our log decoder] -> System? When I mouse over it, the tooltip says "upload logs from local files to undefined for processing".
How can I define the "undefined"?
Any suggestions? Thank you in advance for any/all help!
2017-08-30 12:46 PM
Andrew,
You have to stop capture on the Log Decoder (done on the same screen, button right next to Upload Log File). Once the Log Decoder stops the capture completely (takes a few seconds), the Upload Log File button will be active for you to click and load/inject your log file.
Naushad A Kasu | Senior Practice Consultant, Professional Services | RSA | m: 612.772.5843 | e: naushad.kasu@rsa.com | www.rsa.com
2017-08-30 02:12 PM
Another option is to copy NwConsole to a CentOS workstation (ver 6.7 is best) and upload the packets.
This way the decoder capture can be running while you import the packets.
cd to the directory where the packets are located
$ NwConsole
> login decoder:50004 admin password
<decoder:50004]> import *.pcap (the import prefers files with a .pcap extension)
The other option is to mount the drive on a decoder and do the above.
If you are going to import packets quite often, I also suggest you create an account for that decoder under the security tab with a role of decoder.manage (only) and a user account that uses that role only. That account can only import packets from that decoder for better security.
2017-09-01 11:17 AM
You can also investigate using NwLogPlayer to replay the logs to a log decoder/VLC.
NwLogPlayer -r 1 --rate 1 -f /DemoTools/logs/relay_10.6.2.log -s 192.168.1.118 -p 514
It might not be installed OOTB on the log decoder but you should be able to install the package from yum manually from the RSA repo.
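Where NwLogPlayer is not installed, the replay described in the last post (a log file sent line by line to a collector at a fixed rate) can be approximated with a short script. This is an added example, not RSA tooling and not part of any post in this thread; it assumes the Log Decoder accepts syslog over UDP on the port used in the command above, and the function names and sample events are constructed for illustration.

```python
import socket
import time


def replay_lines(lines, host, port, rate=1.0, max_len=1024):
    """Send each non-empty line as one UDP datagram, at most `rate` per second.

    max_len follows the RFC 3164 limit of 1024 bytes per syslog message.
    Returns the number of datagrams sent.
    """
    interval = 1.0 / rate if rate > 0 else 0.0
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            msg = line.rstrip("\r\n")
            if not msg:
                continue  # blank lines would arrive as empty events
            if sent and interval:
                time.sleep(interval)  # pace the replay
            data = msg.encode("utf-8", errors="replace")[:max_len]
            sock.sendto(data, (host, port))
            sent += 1
    return sent


def replay_file(path, host, port, rate=1.0):
    """Replay a log file; undecodable bytes are replaced, not fatal."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return replay_lines(fh, host, port, rate)


# Constructed sample events (not taken from a real device).
SAMPLE = [
    "<134>Sep  1 11:17:00 fw01 demo: constructed test event 1\n",
    "\n",
    "<134>Sep  1 11:17:01 fw01 demo: constructed test event 2\n",
]


def self_check():
    """Replay SAMPLE to a loopback listener; return (sent, received)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))  # any free local port
        rx.settimeout(2)
        n = replay_lines(SAMPLE, "127.0.0.1", rx.getsockname()[1], rate=50)
        return n, [rx.recv(4096).decode("utf-8") for _ in range(n)]


if __name__ == "__main__":
    print(self_check())
```

For a real run, call `replay_file()` with the log path and the Log Decoder's address; the events then arrive with the sending workstation as their source address.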