AmazonVPC logs not being parsed correctly in RSA NetWitness Platform

Issue

Customers on 11.x or 12.x are unable to parse amazonvpc events correctly and get the below instead:

[Image: User-added]

Cause

The issue can occur when the XML typespec file on the decoder under /etc/netwitness/ng/logcollection/content/transform/cmdscript/amazonvpc_transform.xml does not have execute permission.


Workaround

  1. Check the configuration for the Amazon VPC event source and make sure it is correct, and check that the test connection succeeds.
  2. Make sure that the CEF parser is deployed and enabled on the log decoder.
  3. Restart the nwlogcollector service on the VLC or Local Collector to make sure the above takes effect.
  4. If that doesn't make any change, check the XML typespec file on the log collector under:
    /etc/netwitness/ng/logcollection/content/transform/cmdscript/amazonvpc_transform.xml

    and make sure the file has execution permissions.
     
  5. If it doesn't have execute permission, grant it with:
    # chmod +x /etc/netwitness/ng/logcollection/content/transform/cmdscript/amazonvpc_transform.xml
     
  6. Restart the nwlogcollector service on the VLC or Local Collector after assigning the permission to the file and double-check the issue is fixed after that.
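
Steps 4 and 5 as a repeatable check (an added example, not RSA or NetWitness code): it reports the file mode before and after, adds the execute bit only when it is missing, and fails clearly if the file is absent. The function names are hypothetical, and the group/world-writable warning is an extra check that goes beyond what the article asks for.

```shell
#!/bin/bash
# Added example; the path is the one named in the article.
TRANSFORM=/etc/netwitness/ng/logcollection/content/transform/cmdscript/amazonvpc_transform.xml

# Print the octal mode, e.g. 644 (GNU stat, as shipped on CentOS 7).
file_mode() { stat -c '%a' "$1"; }

# 0 = owner execute bit set, 1 = not set, 2 = file missing/unreadable.
has_owner_exec() {
    [ -f "$1" ] || return 2
    m=$(file_mode "$1") || return 2
    [ $(( 0$m & 0100 )) -ne 0 ]
}

# 0 = group or other may write to the file (extra check, not in the article).
writable_by_others() {
    m=$(file_mode "$1") || return 2
    [ $(( 0$m & 022 )) -ne 0 ]
}

# Step 4 (check) and step 5 (chmod +x) combined; safe to run repeatedly.
ensure_exec() {
    st=0; has_owner_exec "$1" || st=$?
    case $st in
        2) echo "error: $1 not found" >&2; return 2 ;;
        0) echo "ok: $1 already executable (mode $(file_mode "$1"))" ;;
        *) before=$(file_mode "$1")
           chmod +x "$1" || return 1
           echo "fixed: $1 mode $before -> $(file_mode "$1")" ;;
    esac
    if writable_by_others "$1"; then
        echo "warning: $1 is group- or world-writable" >&2
    fi
    return 0
}

# Run as root on the collector with --apply, then restart the
# nwlogcollector service as described in step 6.
if [ "${1:-}" = "--apply" ]; then
    ensure_exec "$TRANSFORM"
fi
```
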

Product Details

RSA Product Set: NetWitness Platform
RSA Product/Service Type: Log collector
RSA Version/Condition: 11.x, 12.x
O/S Version: CentOS7
