2016-05-24 05:47 AM
For convenience, you may want to sync files automatically across your deployment.
For example, you may wish to ensure that all parsers on your Log Decoders are the same, and that all table-map-custom.xml entries are consistent across your Security Analytics estate.
To solve this, I designate one of my Log Decoders as the master system, and then have the following cron job configured:
The cron job is called /etc/cron.hourly/rsync.sh
rsync -av /etc/netwitness/ng/envision/ root@192.168.123.44:/etc/netwitness/ng/envision
rsync -av /etc/netwitness/ng/parsers/ root@192.168.123.44:/etc/netwitness/ng/parsers
ssh root@192.168.123.44 '/etc/cron.hourly/parsers-reload.sh'
This file makes sure that the /etc/netwitness/ng/parsers and /etc/netwitness/ng/envision directories are the same between the system where the cron job is running and my second Log Decoder at 192.168.123.44.
I have set up public key SSH access between the log decoders.
Note that the parsers-reload script is just a script that I use to reload the parsers once they have changed:
more /etc/cron.hourly/parsers-reload.sh
#Reload Device Table Map
NwConsole -c "login localhost:50002 admin netwitness" -c "/decoder/parsers ipdevice op=edit entries=\"+192.168.111.111=rhlinux\" reload=true"
#Reload Parsers
NwConsole -c "login localhost:50002 admin netwitness" -c "/decoder/parsers reload"
#Reload Feeds
NwConsole -c "login localhost:50002 admin netwitness" -c "/decoder/parsers feed op=notify" -c "logout"
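
The rsync.sh job above runs the reload script every hour whether or not anything was copied. The following variant is an added example, not part of the original post: it reuses the post's peer address and paths, and the function names content_changes, sync_dir and main are hypothetical. It parses rsync's --itemize-changes output and only triggers the reload when a file was actually transferred.

```sh
#!/bin/sh
# Added example (not from the original post): sync, then reload only on change.
PEER="root@192.168.123.44"   # second Log Decoder, address taken from the post
DIRS="/etc/netwitness/ng/envision /etc/netwitness/ng/parsers"

# Read `rsync --itemize-changes` output on stdin and print how many lines
# describe a file that was sent ("<f"), received (">f") or deleted.
# Lines starting with "." are attribute-only updates and are not counted.
# "*deleting" only appears if --delete is added to the rsync options.
content_changes() {
    grep -c -E '^([<>]f|\*deleting)' || true
}

# Push one directory to the peer; print the number of changed files.
# Returns non-zero if rsync itself fails, so a broken sync is not mistaken
# for "nothing changed".
sync_dir() {
    _out=$(rsync -a --itemize-changes "$1/" "$PEER:$1") || return 1
    printf '%s\n' "$_out" | content_changes
}

main() {
    total=0
    for d in $DIRS; do
        n=$(sync_dir "$d") || { echo "rsync failed for $d" >&2; return 1; }
        total=$((total + n))
    done
    # Reload parsers, table map and feeds on the peer only when needed.
    if [ "$total" -gt 0 ]; then
        ssh "$PEER" /etc/cron.hourly/parsers-reload.sh
    fi
}

# Run only when installed under the file name used in the post.
case "$0" in
    */rsync.sh) main ;;
esac
```

Because parsers-reload.sh contains the NwConsole admin password in clear text, keep it owned by root with mode 700 on every decoder it is copied to.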