(Optional) Process Raw Syslog Data without Priority Field

You have the option to process raw syslog data that does not contain a valid priority (PRI) field.

To configure a Log Decoder to process syslog without a Priority field:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Services, select the Log Decoder service and netwitness_ic-actns.png> View > System.
  2. Select Stop Capture (netwitness_stopcapture.png).
  3. From the drop-down menu, where System is shown, select Explore.
  4. Select decoder > config.

  5. In the capture.device.params field, add the following text, and then click Enter to save the changes:

    requirePri=false

    netwitness_12.1_capturedeviceparams_1122.png

  6. From the drop-down menu, where Explore is shown, select System.
  7. Select Start Capture (netwitness_startcapturedr.png). The change takes affect after capture is restarted.