Article Number
000030520
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector, Security Analytics UI
RSA Version/Condition: 10.5.x, 10.6.0.0
Platform: CentOS
Platform (Other): Amazon Web Services (AWS) CloudTrail
O/S Version: EL6
Issue
When the transform file for an Amazon Web Services (AWS) CloudTrail collection is not present in the required directory (/etc/netwitness/ng/logcollection/content/transform/cmdscript) on the Log Collector, the Security Analytics UI displays the following error message:
Error: could not find supported file type in file /etc/netwitness/ng/logcollection/content/collection/cmdscript/cloudtrail_transform.xml
Resolution
This issue is currently being investigated by the Engineering team in order to resolve it in a future release.
Workaround
To resolve the issue, verify that the file /etc/netwitness/ng/logcollection/content/transform/cmdscript/cloudtrail_transform.xml is indeed missing.
If it is, deploy the Log Collector content for the AWS collection from the Live -> Search page in the Security Analytics UI.
If the file is present but the error is still being logged, then it can be safely ignored.