Upload and Delete Custom Parsers

NetWitness has the ability to upload parsers from your local system and delete these parsers.

Upload Parsers to a Decoder or Log Decoder

The Upload option in the Service Config view > Parsers tab displays the Upload Parsers dialog, in which you can manage the uploading of parsers to a Decoder or Log Decoder. In the File list, you prepare a list of parsers for uploading. You can add files from a directory structure, and delete files from the list if you decide that you don't want to upload a particular file. When the list is ready, clicking Upload starts the upload process.

  1. Go to netwitness_adminicon_25x22.png (Admin) > Services, select a service, and click netwitness_actiondd_33x16.png> View > Config.
    The Config view for the selected service is displayed.
  2. Click the Parsers tab.
  3. Click netwitness_iconfeedupload.png.
    The Upload Parsers dialog is displayed.
    netwitness_104uploadparsers.png
  4. Click netwitness_add.png .
    A file selection dialog is displayed.
  5. Select the .flex, .parser, and .lua files to be updated, and click Open.
    The dialog closes, and the selected files are displayed in the File list.
    netwitness_104uplparsaddedfile.png
  6. Click Upload.
    The Upload Job grid shows the progress of the upload jobs with each job representing a file being uploaded.
    netwitness_104uplparsaddedfile.png
  7. Use any of the Upload grid tools to manage the upload of selected jobs: pause and resume, cancel, and delete.
    Once a job is complete, it is deployed on the Decoder and listed with the deployed parsers in Parsers tab.

Manage Upload Jobs

You can use any of the Upload grid tools to manage the upload of selected jobs: pause, resume, cancel, and delete.

  • To cancel uploading a set of parsers while the upload is in queue or progress, click netwitness_icon_cancel.png.
  • To pause uploading a set of parsers, if the upload is not yet complete, click netwitness_icon-pause.png.
  • To resume uploading a set of parsers after a pause, click netwitness_icon-resume.png.
  • To delete an upload job, click netwitness_delete_rule_icon_im.png.

Delete Deployed Parsers

The Delete option in the Service Config view > Parsers tab provides a way to delete deployed parsers from a Decoder or Log Decoder. Parsers can be added and removed while a Decoder is running without affecting capture.

Note: Unless otherwise stated, any reference to Decoders applies to Log Decoders as well.

To delete a parser from a Decoder:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Services, select a Decoder, and netwitness_actiondd_33x16.png> View > Config.
    The Services Config view for the selected service is displayed.
  2. Click the Parsers tab.
    netwitness_12.1_parstb_1122.png
  3. In the Parsers tab, select one or more parsers to delete.
  4. Click netwitness_delete.png.
    A dialog requests confirmation that you want to delete the parsers.
  5. If you want to delete the parsers, click Yes.
    The parsers are removed from the Decoder immediately.