Why would you like to use two independent instances of the admin? Is
this a business requirement?In the NetWitness architecture, you can
avoid log loss and have redundancy by using Log Collectors and Decoders.
You can have data replication and/or fai...
Hi! You can configure multiple Destination Groups to replicate events
data. Check this doc
https://community.rsa.com/t5/rsa-netwitness-platform-online/log-collection-configure-replication/ta-p/568055
Hi Azim, The hostname and timestamp are normal in Syslog messages and
both are expected by the Apache parser. It can parser messages with and
without those headers, so it should be working normally.What is the
device.type in your parsed events? Is th...
Hi Azim! Which parser is processing the Nginx logs in your environment?
One approach would be to create a new parser according to your log
format. You may use try modifying the log format to a key-value config
so you could use Log Parser Rules (Log P...
Hi! Did you try sending logging messages using Nginx instead of syslogd?
You can check the configuration here
https://docs.nginx.com/nginx/admin-guide/monitoring/logging/