Syntax errors in table-map-custom.xml on RSA Security Analytics Log Decoder

Issue

When there is a syntax error in table-map-custom.xml you can experience a log decoder that will no longer start capture.

You will see this message when attempting to start capture: Health and Wellness will report alerts: And What is actually happening is logged in /var/log/messages:

Cause

We see from /var/log/messages there is an issue in the /etc/netwitness/ng/envision/etc/table-map-custom.xml file:  CDATA sections must start with ""<br><br>A commented line in .xml is a portion in the code that is not meant to be executed but describes what the configuration is doing and how it is being used:<br><br>Instead of seeing the proper commented syntax<br><!-- ... ><br><br>We noticed the dashes were missing:<br><br><! ... ><br> <br> <h4>Resolution</h4> Review the changes that have been made in table-map-custom.xml,  This also applies for a concentrator that will not start aggregation, you may consider reviewing the changes made to /etc/netwitness/ng/index-concentrator-custom.xml.<br><br>Restore back the changes that have been made in /etc/netwitness/ng/envision/etc/table-map-custom.xml and possibly in /etc/netwitness/ng/index-concentrator-custom.xml on the concentrator and re-evaluate the syntax and proper configuration. <br> <h4>Product Details</h4> <b>RSA Product Set: </b>NetWitness Logs and Packets<br><b>RSA Product/Service Type: </b>Core Appliance<br><b>RSA Version/Condition: </b>10.6.x<br> <br> <h4>Summary</h4> <p>What is seen or happens when you have a syntax error in table-map-custom.xml?</p> <br> <h4>Approval Reviewer Queue</h4> <p>RSA NetWitness Suite Approval Queue</p> <br>