2013-11-30 02:38 AM
2013-12-01 08:46 AM
have you created the netwitness.repo manually?
mkdir /etc/yum.repos.d/repos.oem
mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d/repos.oem/
vi /etc/yum.repos.d/netwitness.repo
## content of the netwitness.repo
------------------------------------
[nwupdates]
name=Netwitness-Updates-Repo
baseurl=http://192.168.253.91/rsa/updates
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 file:///etc/pki/rpm-pgp/rsa-sa-gpg
-------------------------------------
yum update
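An added check, not part of this thread or of the RSA product: it reads a .repo file like the one above and flags the two settings that let "yum update" install unverified packages as root, gpgcheck=0 and a plain http:// baseurl. The sample repo content is a constructed copy of the posted file; the path it is written to is a temp file.

```shell
#!/bin/sh
# Added example (not from the thread): audit a yum .repo file for
# gpgcheck=0 (no RPM signature check) and a plain http:// baseurl
# (no transport integrity). Prints one finding per line; a clean
# file prints nothing.

audit_repo() {
    repo_file=$1
    section=""
    # "|| [ -n "$line" ]" keeps a last line that lacks a trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*|'') continue ;;                      # comment or blank line
            '['*']') section=${line#\[}; section=${section%\]}; continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case $key in
            gpgcheck)
                if [ "$value" = "0" ]; then
                    echo "[$section] gpgcheck=0: RPM signatures are not verified (set gpgcheck=1 and a gpgkey=)"
                fi ;;
            baseurl)
                case $value in
                    http://*)
                        echo "[$section] baseurl is plain http ($value): use https:// or a verified local mirror" ;;
                esac ;;
        esac
    done < "$repo_file"
}

# Demo on a constructed copy of the repo posted in the thread (sample data).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[nwupdates]
name=Netwitness-Updates-Repo
baseurl=http://192.168.253.91/rsa/updates
enabled=1
gpgcheck=0
EOF
audit_repo "$sample"
rm -f "$sample"
```

The same check applied to a repo with gpgcheck=1, a gpgkey= line and an https baseurl prints nothing.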
2013-12-01 08:55 AM
Actually, before mapping DAC we had used that decoder, meaning it was licensed and the content files were also deployed. Then we mapped DAC and faced an unknown error, so I deleted the decoder and collector from the added devices. Now I added the decoder again, but when I try to add the collector it shows "test connection failed". As you told me to check its service, I found its service is down.
That's what you asked for; please have a look.
[root@NWAPPLIANCE23740 ~]# /var/log/netwitness/nwlogcollector
-bash: /var/log/netwitness/nwlogcollector: No such file or directory
[root@NWAPPLIANCE23740 ~]# cd /var/log/netwitness/nwlogcollector
-bash: cd: /var/log/netwitness/nwlogcollector: No such file or directory
[root@NWAPPLIANCE23740 ~]# cd /var/log/netwitness
[root@NWAPPLIANCE23740 netwitness]# nwlogcollector
-bash: nwlogcollector: command not found
[root@NWAPPLIANCE23740 netwitness]# ls
logdecoder
[root@NWAPPLIANCE23740 netwitness]# cd logdecoder
[root@NWAPPLIANCE23740 logdecoder]# ls
NwServerLog-000000001.log NwServerLog-000000005.logindex
NwServerLog-000000001.logindex NwServerLog-000000006.log
NwServerLog-000000002.log NwServerLog-000000006.logindex
NwServerLog-000000002.logindex NwServerLog-000000007.log
NwServerLog-000000003.log NwServerLog-000000007.logindex
NwServerLog-000000003.logindex NwServerLog-000000008.log
NwServerLog-000000004.log NwServerLog-000000008.logindex
NwServerLog-000000004.logindex NwServerLogdb.lock
NwServerLog-000000005.log
[root@NWAPPLIANCE23740 logdecoder]#
2013-12-01 08:57 AM
I have created netwitness.repo manually but have not edited anything.
2013-12-01 09:07 AM
Is this IP address the SA server IP address or the proxy server IP address?
2013-12-01 09:16 AM
Sorry, the path is: /var/log/netwitness/logcollector
2013-12-01 09:21 AM
I have just created that netwitness.repo with the vi editor and written that content. Running the command yum update shows a total download size of 367 MB; is this okay? Have a look.
[root@SA_pkt /]# yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package geoip-dat.noarch 0:1.1-29 will be updated
---> Package geoip-dat.noarch 0:1.1-32 will be an update
---> Package nwappliance.x86_64 0:10.2.5.0-86.el6 will be updated
---> Package nwappliance.x86_64 0:10.3.0.2042-5.el6 will be an update
---> Package nwbroker.x86_64 0:10.2.5.0-86.el6 will be updated
---> Package nwbroker.x86_64 0:10.3.0.2042-5.el6 will be an update
---> Package nwconsole.x86_64 0:10.2.5.0-86.el6 will be updated
---> Package nwconsole.x86_64 0:10.3.0.2042-5.el6 will be an update
---> Package nwipdbextractor.x86_64 0:10.2.5.3-33.el6 will be updated
---> Package nwipdbextractor.x86_64 0:10.3.0.11510-5.el6 will be an update
---> Package nwsupport-script.noarch 0:1.1-7 will be updated
---> Package nwsupport-script.noarch 0:1.1-8 will be an update
---> Package pycarlos.x86_64 0:2.0-3.el6 will be obsoleted
---> Package re-server.noarch 0:10.2.5.0-1 will be updated
---> Package re-server.noarch 0:10.3.0.2-5 will be an update
---> Package rsaCAS.x86_64 0:1.0-32.el6 will be obsoleting
---> Package rsaMalwareDeviceCoLo.x86_64 0:10.2.5.0-0 will be updated
---> Package rsaMalwareDeviceCoLo.x86_64 0:10.3.0.8072-5 will be an update
--> Processing Dependency: malwaredeps-yara for package: rsaMalwareDeviceCoLo-10.3.0.8072-5.x86_64
---> Package security-analytics-web-server.noarch 0:10.2.0.1716-5 will be updated
---> Package security-analytics-web-server.noarch 0:10.3.0.5727-5 will be an update
--> Running transaction check
---> Package malwaredeps-yara.x86_64 0:1.7-1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
rsaCAS x86_64 1.0-32.el6 nwupdates 41 k
replacing pycarlos.x86_64 2.0-3.el6
Updating:
geoip-dat noarch 1.1-32 nwupdates 552 k
nwappliance x86_64 10.3.0.2042-5.el6 nwupdates 7.2 M
nwbroker x86_64 10.3.0.2042-5.el6 nwupdates 8.8 M
nwconsole x86_64 10.3.0.2042-5.el6 nwupdates 5.8 M
nwipdbextractor x86_64 10.3.0.11510-5.el6 nwupdates 13 M
nwsupport-script noarch 1.1-8 nwupdates 28 k
re-server noarch 10.3.0.2-5 nwupdates 147 M
rsaMalwareDeviceCoLo x86_64 10.3.0.8072-5 nwupdates 100 M
security-analytics-web-server noarch 10.3.0.5727-5 nwupdates 85 M
Installing for dependencies:
malwaredeps-yara x86_64 1.7-1.el6 nwupdates 252 k
Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 9 Package(s)
Total download size: 367 M
Is this ok [y/N]:
2013-12-01 09:23 AM
Yes, that's correct. Please continue. After that, reboot for the update to take effect.
2013-12-01 09:33 AM
Thanks, it's updating. Will update you.
But that decoder does not have any logcollector directory.
I just checked /var/log/netwitness/
Have a look
[root@NWAPPLIANCE23740 /]# cd /var/log/netwitness/
[root@NWAPPLIANCE23740 netwitness]# ls
logdecoder
[root@NWAPPLIANCE23740 netwitness]#
2013-12-01 09:40 AM
Can you check: rpm -qa | grep nwlogcollector?
Can you find it: initctl list | grep nwlogcollector?
If not, the package is not installed; you need to install it: yum install nwlogcollector after configuring the netwitness.repo.
2013-12-01 11:11 AM
Hi patriot,
Firstly, thank you very much for that netwitness.repo.
I have successfully updated my SA server, packet concentrator and packet decoder. So thank you.
And for that decoder, I found the logcollector is there:
[root@NWAPPLIANCE23740 ~]# rpm -qa | grep nwlogcollector
nwlogcollector-10.2.5.0-1.el6.x86_64
nwlogcollectorcontent-10.2.5.0-1.noarch
nwlogcollectorperl-10.2.5.0-1.noarch
[root@NWAPPLIANCE23740 ~]#