System logs are not logging into /var/log/messages in RSA NetWitness
Issue
System logs are not logging into /var/log/messages on SA Appliances.
Cause
This issue can occur if the /etc/rsyslog.conf file is corrupted or crashed.
Resolution
To resolve the issue, SSH to the appliance and run the following commands in the shell:
1. Stop rsyslog service
service rsyslog stop
2. Reinstall rsyslog package
yum reinstall rsyslog
3. Start rsyslog service
service rsyslog start
4. Restart RSA NetWitness services
restart nwdecoder
Note: replace the keyword nwdecoder with the appropriate service running on your appliance:
nwdecoder: Packet Decoder
nwlogdecoder: Log Decoder
nwconcentrator: Concentrator
nwlogcollector: Log Collector (whether it's installed locally with the logdecoder or remotely from the logdecoder)
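
One way to confirm that the steps above restored logging, as an added example that is not part of the original article: the first function checks that rsyslog.conf still has an active rule writing to /var/log/messages, and the second sends a tagged test message and looks for it in the log. The function names are hypothetical, and the legacy selector/action syntax of rsyslog.conf is assumed.

```shell
#!/bin/sh
# Added example: post-fix checks for the rsyslog procedure above.
# Function names are hypothetical; legacy selector/action syntax is assumed.

# Return 0 if an active (uncommented) rule in the given config writes to
# /var/log/messages, 1 if no such rule exists, 2 if the file is missing/empty.
messages_rule_present() {
    conf=${1:-/etc/rsyslog.conf}
    [ -s "$conf" ] || return 2
    awk '
        /^[ \t]*#/ { next }                 # skip commented-out rules
        NF >= 2 {
            action = $NF
            sub(/^-/, "", action)           # leading "-" only disables per-write sync
            if (action == "/var/log/messages") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$conf"
}

# Live check: run as root on the appliance after rsyslog has been started.
# Validates the config, sends a uniquely tagged message, then looks for it.
verify_messages_logging() {
    conf=${1:-/etc/rsyslog.conf}
    log=${2:-/var/log/messages}
    messages_rule_present "$conf" ||
        { echo "no active rule for $log in $conf" >&2; return 1; }
    rsyslogd -N1 -f "$conf" >/dev/null 2>&1 ||
        { echo "rsyslogd config check failed for $conf" >&2; return 1; }
    tag="rsyslog-check-$$"
    logger -p user.info -t "$tag" "rsyslog delivery test"
    sleep 2                                 # give rsyslog time to write the line
    grep -q "$tag" "$log" ||
        { echo "test message $tag not found in $log" >&2; return 1; }
    echo "rsyslog is writing to $log"
}
```

Source the file and run verify_messages_logging as root; a non-zero return identifies which stage failed (missing rule, config check, or delivery).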
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Core Appliance
RSA Version/Condition: 10.5.x, 10.6.x
Platform: CentOS
O/S Version: 6