How to fix aggregation issues related to the Log Decoder ID in RSA Security Analytics
Issue
Aggregation between the Log Decoder and the Concentrator is not working, and an error message similar to the one below appears:
Failed to initialize device 'x.x.x.x:50002' because log decoder ID meta type is not indexed by value in current language. Device aggregation is being stopped
Resolution
To resolve the issue, remove the line below from the /etc/netwitness/ng/index-concentrator-custom.xml file and restart the nwconcentrator service.
<key description="Decoder Source" format="Text" level="IndexKeys" name="did"/>
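One way to script the edit described above, as an added example that is not RSA's own tooling. The function name fix_did_index and the backup file suffix are assumptions, and it assumes the entry sits on a single line as shown above.

```shell
#!/bin/sh
# Added example (not RSA tooling): remove a custom "did" key that is
# indexed at level IndexKeys, keeping a timestamped backup of the file.
# fix_did_index and the .bak.<timestamp> suffix are hypothetical names.
# Return codes: 0 = entry removed, 1 = nothing to do, 2 = error.

fix_did_index() {
    file="$1"
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }

    # Look for a <key .../> line carrying both name="did" and
    # level="IndexKeys", in any attribute order.
    if ! grep -E '<key[^>]*name="did"' "$file" | grep -q 'level="IndexKeys"'; then
        echo "no did/IndexKeys entry in $file; nothing to do"
        return 1
    fi

    # Keep a copy so the change can be reverted.
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$file" "$backup" || return 2

    # Drop only the lines that carry both attributes; other keys stay.
    tmp="$file.tmp.$$"
    awk '!(/<key[^>]*name="did"/ && /level="IndexKeys"/)' "$file" > "$tmp" \
        || { rm -f "$tmp"; return 2; }

    # Write back in place so owner and mode of the original are kept.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"

    echo "removed did/IndexKeys entry; backup at $backup"
    return 0
}
```

Call it with /etc/netwitness/ng/index-concentrator-custom.xml as the argument, then restart the nwconcentrator service as described above.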
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: Log Decoder
RSA Version/Condition: 10.3, 10.4
Platform: CentOS
O/S Version: EL5, EL6