This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Investigation Time Issue

Anonymous
Not applicable

‎2014-10-14 07:14 AM

Can any one have any idea, that how to change the time in investigation module?

When I go to investigation, I am able to view a very old date and time.

Please refer to the below mentioned screenshot, kindly  suggest if someone have any idea?

investigation time zone.png

0 Likes
9 REPLIES 9

Anonymous
Not applicable

‎2014-10-14 07:35 AM

Do you have SSH to the box?  if so can you do a 'date' command? 

0 Likes

Anonymous
Not applicable
In response to Anonymous

‎2014-10-14 07:44 AM

Yes I have the access to the SSH, but I always fail to update or change the time.

 

Below is the output of the command. But I am not able to change the same.

 

 

 

Will you please suggest something on it. Thankszz.

Preview file
14 KB
0 Likes

Anonymous
Not applicable
In response to Anonymous

‎2014-10-14 07:53 AM

Interesting, I was expecting different results for the date command, normally the times match.  Is this for logs or packets?  Also, is data actually coming into the device correctly?  If you go to Administration -> Health & Wellness do you see any red? Do you see the capture rate ticking?

0 Likes

Anonymous
Not applicable
In response to Anonymous

‎2014-10-14 08:06 AM

Hi Sean,

 

 

 

Well this a virtual based environment, and this is for both logs and packet, but this is a new setup. So nothing is configured with the new version as of now. So I am not getting any data onto this now.

 

 

 

And also one more interesting thing, if go to Health & Wellness, I must see all the devices health and status, but I am not able to see the health status of any of the appliance, like decoder, log collector, esa and concentrator.

 

 

 

It’s very strange to see, but ealier it was working fine.

 

Please refer to the attached screenshot.

Preview file
10 KB
0 Likes

Anonymous
Not applicable
In response to Anonymous

‎2014-10-14 08:35 AM

Could you try pushing some data to the device?  I have seen my devices act funny if it has no data at all to reference. 

0 Likes

Anonymous
Not applicable
In response to Anonymous

‎2014-10-14 11:33 AM

Hello Sean,

 

Thanks, hope this will work.

I will update soon, as I completed the same.

 

Regards,

Deepanshu Sood

Technical Consultant

Information Security Unit

0 Likes

LeeKirkpatrick
Valued Contributor Valued Contributor
Valued Contributor

‎2014-10-16 05:32 AM

Hi Deepanshu,

 

This normally happens when there is no Meta available in the Concentrator. Are you sure your Concentrator is aggregating Meta from its associated Decoder?

0 Likes

Anonymous
Not applicable
In response to LeeKirkpatrick

‎2014-10-16 05:54 AM

Hello Lee,

 

Yes everything is setup at good.

As it's a lab environment so as of now I haven't configure any event source to my log decoder.

 

First i will integrate any event source with LD and then check the same.

 

Thanks..

 

Regards,

Deepanshu Sood

Technical Consultant - Information Security

0 Likes

AdamRasnick
Beginner
Beginner

‎2015-01-22 12:38 PM

I am just now seeing this post and I assume that you have already resolved your issue.  This has to do with your profile setting.  If you go to your profile under the drop down on the top left hand corner, you can change your time zone on the server for the investigation module.  You will also need to change your time zone on all your appliances.  Attached is the doc on how to do all that.  And as long as you are pushing data to the device, your time in the investigator module should reflect the correct time.

Preview file
163 KB
© 2022 RSA Security LLC or its affiliates. All rights reserved.