2018-12-26 05:07 PM
I was looking over the rhlinux parser and noticed there are some VARTYPE tags at the top of the file after the version.
Where can I find some documentation on this tag?
Also, after loading the parser into NWLPT1.1, I can't seem to find this information displayed anywhere.
I should also mention we are running NetWitness 11.2.0.1.
Ron
2019-02-09 11:28 PM
Hello Ronald
I have found the following attached document (Typed+Variables.pdf) describing the use of VARTYPE validation during header matching, so that it can be used to resolve conflicts within a single device. There are cases where, because of unavoidable ambiguity, a higher order priority header will incorrectly match a message.
This can be a very powerful feature and needs to be used very carefully; it can work positively or negatively in a parser.