.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
How to change the event payload size on an NetWitness Malware Analysis appliance
Issue
If customer wants to change/adjust the maximum message size sent by event sources to log collector service, this can be done by the below steps. The default size is currently set to maximum value which is 64K.
Resolution
To change the maximum payload, begin by logging in as an administrative account to the NetWitness UI, then select Admin > Services, and select the Log Collector service.On the service,
- Navigate to Explore > Event-Processors >
> Destinations > Logdecoder > Consumer > Processors> Tcpconnector > Config > Connector > Event > Event Size - Set the value of an appropriate size in bytes, noting the maximum event size that can be set is 65536 (64K) which the default value.
Product Details
RSA Product Set: NetWitness PlatformRSA Product/Service Type: Malware Analysis , Log Collector
RSA Version/Condition: 10.x , 11.x ,12.x
Platform: CentOS , AlmaLinux
O/S Version: 7
Approval Reviewer Queue
Technical approval queue