This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

question regarding reimage/reinstall the SA appliances

huanzhou1
Beginner
Beginner

‎2013-11-20 08:38 AM

1. Any backup and restore procedures? If customer wants to retain the data(packet,meta),just copy and restore? any special configuration?

2. If the SA appliances have DAC configured, need to backup LVM configuration? If no LVM configuration, how to restore the additional storage?

 

Thanks.

0 Likes
12 REPLIES 12

AdamRasnick
Beginner
Beginner

‎2013-12-02 02:17 PM

As of now, there are not any backup/restore procedures for packet/log information.  I know in 10.3 there was rumor of having something, but I am not sure of what was actually included in that release.

0 Likes

huanzhou1
Beginner
Beginner
In response to AdamRasnick

‎2013-12-02 08:53 PM

are you able to get the information for 10.3? Thanks.

0 Likes

Anonymous
Not applicable
In response to huanzhou1

‎2013-12-03 01:22 AM

HI patriot/adam,

i just got an information that for upgradation of 10.2 to 10.3 we need event stream anaysis appliances, is this true?

by the way i have upgraded my appliances without this new appliance and without any error.

all are working fine

0 Likes

AdamRasnick
Beginner
Beginner
In response to huanzhou1

‎2013-12-03 01:00 PM

I would recommend looking on SCOL somewhere...I am not sure where they would put it. Again, it was only a "mention" that I saw somewhere that it was going to be included, but I have not heard anything else.

| Adam Rasnick | Practice Consultant, RSA Professional Services| 423.833.9297| adam.rasnick@emc.com | RSA The Security Division of EMC

0 Likes

Anonymous
Not applicable
In response to Anonymous

‎2013-12-03 05:03 PM

Event Stream Analysis (ESA) appliance gives you the capability to do correlation and complex event processing (incident alerts). This capability used to be in the Security Analytics Warehouse (SAW). So if you weren't running the SAW in the past you shouldn't have an issue wrt the ESA. If you do currently have a SAW you should open a support case and contact your account rep before upgrading to 10.3 to find out your best options.

 

I hope that helps.

0 Likes

huanzhou1
Beginner
Beginner
In response to Anonymous

‎2013-12-03 09:09 PM

wish RSA can update the document soon

0 Likes

huanzhou1
Beginner
Beginner
In response to huanzhou1

‎2013-12-03 09:11 PM

the docs.netwitness.com down:

 

<?php

/*

* MindTouch

* Copyright (c) 2006-2012 MindTouch Inc.

* http://mindtouch.com

*

* This file and accompanying files are licensed under the

* MindTouch Master Subscription Agreement (MSA).

*

* At any time, you shall not, directly or indirectly: sublicense,

* resell, rent, lease, distribute, market, commercialize or otherwise

* transfer rights or usage to: (a) the Software, (b) any modified version

* or derivative work of the Software created by you or for you, or (c)

* MindTouch Open Source (which includes all non-supported versions of

* MindTouch-developed software), for any purpose including timesharing or

* service bureau purposes; (ii) remove or alter any copyright, trademark

* or proprietary notice in the Software; (iii) transfer, use or export the

* Software in violation of any applicable laws or regulations of any

* government or governmental agency; (iv) use or run on any of your

* hardware, or have deployed for use, any production version of MindTouch

* Open Source; (v) use any of the Support Services, Error corrections,

* Updates or Upgrades, for the MindTouch Open Source software or for any

* Server for which Support Services are not then purchased as provided

* hereunder; or (vi) reverse engineer, decompile or modify any encrypted

* or encoded portion of the Software.

*

* A complete copy of the MSA is available at http://www.mindtouch.com/msa

*/

use MindTouch\deki\core\Application;

use MindTouch\deki\core\Container;

use MindTouch\deki\core\Error;

 

 

$wgRequestTime = microtime();

unset($IP);

 

 

// for security always require local app server settings be loaded

@ini_set('allow_url_fopen', 0);

if(!file_exists('LocalSettings.php') || filesize('LocalSettings.php') <= 0) {

    exit();

}

 

 

// valid web server entry point, initialize UI core

define('MINDTOUCH_DEKI', true);

require_once('LocalSettings.php');

require_once('includes/Bootstrap.php');

 

 

// handle exceptions and fatal errors with useful error pages

Error::initialize();

 

 

/**

* create a global dependency container and execute request.

* container available globally for plugins and other components not yet in the container

*/

global $wgContainer;

$wgContainer = new Container();

$wgContainer->Profiler->setWebRequestStart($wgRequestTime);

$Application = new Application($wgContainer);

$Application->initialize();

DekiPlugin::loadSitePlugins();

$Application->execute();

0 Likes

AdamRasnick
Beginner
Beginner
In response to huanzhou1

‎2013-12-04 12:33 PM

Wish RSA would completely keep up with documentation on anything!

 

 

| Adam Rasnick | Practice Consultant, RSA Professional Services| 423.833.9297| adam.rasnick@emc.com | RSA The Security Division of EMC

0 Likes

AdamRasnick
Beginner
Beginner
In response to huanzhou1

‎2013-12-04 12:34 PM

They must have updated it or something, I didnt have any problems getting in and it looks vaguely different.

 

 

| Adam Rasnick | Practice Consultant, RSA Professional Services| 423.833.9297| adam.rasnick@emc.com | RSA The Security Division of EMC

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.