Core Service Logging Configuration Parameters

The following table describes the logging configuration parameters for all NetWitness Core services. Logging configuration is the same for all Core services.

Logs Configuration Folder /logs/config


Displays the directory where the log database is stored. Optional assigned max size (=#) is in MBs. Change takes effect on service restart.


Controls what types of log messages are stored (comma separated). Module specific settings are defined like this:
<Module>=[debug|info|audit|warning|failure|all|none]. Change takes effect immediately.


Sets a remote SNMP Trap Receiving agent.


Sets the SNMP version (2c or 3) to be used for gets and traps.

Displays the SNMPv3 engine boots count. This field auto-increments on startup and should not normally need to be set by the user.

Sets the SNMPv3 engine ID, which is 10-64 hexadecimal digit number optionally preceded by 0x. You can add suffix values at the end of the engine ID for each of the SA Core services running on the same host. For example, if the generated Engine ID for the SA Core host is 0x1234512345, you can set the Engine ID for the Decoder service as 0x123451234501 and set 0x123451234504 for the Appliance service.


Sets the SNMPv3 Trap Authentication Local Key, which is a 16 or 20 hexadecimal digit number (depending on which authentication protocol is used) preceded by 0x. For MD5, the key is 16 hexadecimal digits, while SHA uses 20 hexadecimal digits. You can use any desired algorithm to generate the local keys. It is recommended that a generation method involving randomness be used as opposed to selecting key values manually.


Displays the SNMPv3 Trap Authentication Protocol (none, MD5 or SHA).


Sets the SNMPv3 Trap Privacy Local Key, which is a 16 hexadecimal digit number preceded by 0x.


Displays the SNMPv3 Trap Privacy Protocol (none or AES).

Displays the SNMPv3 Trap Security Level, which indicates whether authentication and privacy are used or not. Possible values are noAuthNoPriv, authNoPriv, or authPriv.

Sets the SNMPv3 Trap Security Name used during SNMPv3 trap authentication.


Displays the maximum size of a log sent to syslog (some syslog daemons have issues with very large messages). Zero means no limit. Change takes effect immediately.