Why does a packet hybrid mount to a logdecoder partition or log hybrid mount to a decoder partition starting in NetWitness Platform 11.2?
Issue
Why do you see a mounted logdecoder partition on a packet hybrid when reimaging to 11.2 or later? Shouldn't this be mounted to /var/netwitness/decoder?
You would see the reverse on a log hybrid with a /var/netwitness/decoder partition. Shouldn't this be mounted to /var/netwitness/logdecoder?
Resolution
This is expected behavior. /etc/fstab has a bind mount for /var/netwitness/logdecoder/ and /var/netwitness/decoder. Both paths point to, and write to, the same place. The idea was that there would not have to be separate kickstart selections for each of the S6/S5 packet/log hybrid models: the filesystem layout would be suitable for either.
Warning: Do not modify this configuration, as any future modification planned for both log and packet hybrids may not be consistent.
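A read-only way to confirm the behavior described above, as an added example that is not RSA tooling: it lists the bind entries in fstab-format input and checks that the two paths are the same directory. The function names are hypothetical and the sample fstab lines are constructed, so the device name and the direction of the bind are assumptions.

```shell
#!/bin/sh
# Added example, not RSA tooling. Read-only: it changes nothing on the host.

# Print "source target" for every bind entry in fstab-format input
# (file given as $1, or stdin). Field 4 holds the comma-separated options.
bind_mounts() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "bind" || opts[i] == "rbind") {
                    print $1, $2
                    break
                }
        }' "${1:--}"
}

# True when both paths resolve to the same device and inode, which is
# what a bind mount produces.
same_directory() {
    [ "$1" -ef "$2" ]
}

# Constructed sample; the device name and the direction of the bind are
# assumptions, not copied from an appliance.
sample_fstab() {
    cat <<'EOF'
# constructed sample
/dev/mapper/EXAMPLE-vg-EXAMPLE-lv /var/netwitness/decoder xfs defaults 0 0
/var/netwitness/decoder /var/netwitness/logdecoder none bind 0 0
EOF
}

# Check the two paths named in this article on a live hybrid.
check_host() {
    d=/var/netwitness/decoder
    l=/var/netwitness/logdecoder
    if [ ! -d "$d" ] || [ ! -d "$l" ]; then
        echo "one or both paths missing: not a hybrid layout"; return 2
    fi
    if same_directory "$d" "$l"; then
        echo "OK: $d and $l are the same directory"
    else
        echo "MISMATCH: $d and $l are different directories"; return 1
    fi
}

sample_fstab | bind_mounts     # parser demo on the constructed sample
check_host || true             # live check; reports if paths are absent
```

On a hybrid, pass the real file with `bind_mounts /etc/fstab`; an "OK" result from `check_host` matches the expected behavior in this article.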
Product Details
RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NetWitness Logs & Network
RSA Version/Condition: 11.2.0, 11.3.0
Summary
Why does a packet hybrid mount to a logdecoder partition or log hybrid mount to a decoder partition when you reimage starting in NetWitness Platform 11.2?