NetWitness Community

After failing back to the original primary SA, is the UI of the secondary SA (standby) supposed to still have the hosts and the services online?

The simplest approach I can think of is forwarding the alert as syslog to a decoder and including, for example, the username, ip.source and device.id in the syslog template.You will then be able to report on the alert meta while including the usernam...

Does the shovel also fail if you try to set the Local Log Collector to pull from the VLC ?