NetWitness Community

What do you want with an export this large?

I tested, looks like export sessions more than 100,000 will fail. I tried to export 67,000 without any issue.

Job huan.7047878e-05f9-486d-8d26-bf7e702609f0 threw a JobExecutionException:

org.quartz.JobExecutionException: Error retrieving PCAP from device [See nested exception: java.io.IOException: com.rsa.netwitness.carlos.clients.nextgen.NextGenException: HTTP/1.1 401 Unauthorized]

  at com.netwitness.platform.server.investigation.common.export.jobs.ExtractInvestigationPcapJob.executeJob(ExtractInvestigationPcapJob.java:64)

  at com.rsa.netwitness.carlos.scheduling.jobs.AbstractJob.execute(AbstractJob.java:61)

  at org.quartz.core.JobRunShell.run(JobRunShell.java:213)

  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)

Caused by: java.io.IOException: com.rsa.netwitness.carlos.clients.nextgen.NextGenException: HTTP/1.1 401 Unauthorized

  at com.rsa.netwitness.carlos.transport.nextgen.adapter.NextGenContentAdapter.handle(NextGenContentAdapter.java:363)

  at com.rsa.netwitness.carlos.transport.nextgen.adapter.NextGenContentAdapter.handle(NextGenContentAdapter.java:282)

  at com.rsa.netwitness.carlos.transport.nextgen.adapter.NextGenContentAdapter.handleRequestStream(NextGenContentAdapter.java:130)

  at com.rsa.netwitness.carlos.transport.nextgen.NextGenContentMessageChannel.requestStream(NextGenContentMessageChannel.java:42)

  at com.rsa.netwitness.carlos.transport.nextgen.NextGenContentMessageChannel.requestStream(NextGenContentMessageChannel.java:27)

  at com.rsa.netwitness.carlos.transport.spi.AbstractMessageChannel.requestStream(AbstractMessageChannel.java:149)

  at com.netwitness.platform.server.investigation.common.export.jobs.AbstractExtractionJob.getContentInputStream(AbstractExtractionJob.java:97)

  at com.netwitness.platform.server.investigation.common.export.jobs.AbstractExtractionJob.getPCAPContentInputStream(AbstractExtractionJob.java:84)

  at com.netwitness.platform.server.investigation.common.export.jobs.ExtractInvestigationPcapJob.executeJob(ExtractInvestigationPcapJob.java:60)

  ... 3 more

Caused by: com.rsa.netwitness.carlos.clients.nextgen.NextGenException: HTTP/1.1 401 Unauthorized

  at com.rsa.netwitness.carlos.clients.nextgen.impl.NextGenClientImpl.downloadContent(NextGenClientImpl.java:1912)

  at com.rsa.netwitness.carlos.transport.nextgen.adapter.NextGenContentAdapter.handle(NextGenContentAdapter.java:358)

  ... 11 more