This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcement Banner

Scheduled Maintenance for the Case Portal during May 27-29

View Details
  • NetWitness Community
  • Knowledge Base
  • How to collect RSA Security Analytics / NetWitness Platform device logs by individual service type u...
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Email to a Friend
    • Printer Friendly Page
    • Report Inappropriate Content

The content you are looking for has been archived. View related content below.

How to collect RSA Security Analytics / NetWitness Platform device logs by individual service type using NwConsole

Article Number

000001314

Applies To

RSA Product Set: Security Analytics, NetWitness Logs & Network
RSA Product/Service Type: Security Analytics services, NetWitness Logs & Network services
RSA Version/Condition: 10.4, 10.5, 10.6, 11.x
Platform: CentOS
O/S Version: EL6, EL7

Issue

How to collect RSA Security Analytics / NetWitness Logs & Network device logs by individual service type using NwConsole.

Resolution

To collect and download the logs of an individual service, please follow the steps below:
 
  1. Connect to the appliance in question via SSH
  2. Issue the command NwConsole to enter the console
  3. Login to the service in question (refer to the table below) by issuing the following command:
login localhost:<service_port> admin
  1. At the prompt, enter the password for the account in question.
  2. Proceed to collect the logs in question by issuing the following commands:
cd logs
/logs> dlogs pathname=/root/<filename>.txt time1="2013-Oct-17 00:00:00" time2="2013-Oct-19 00:00:00"

NOTE:  The time format above is an example, change the dates to the range needed.

See the note below for an example of the entire process.

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Notes

Below is a detailed example of the process: 


RSA Security Analytics Console 10.6.6.0
Copyright 2001-2018, RSA Security Inc.  All Rights Reserved.

Type "help" for a list of commands or "man" for a list of manual pages.
> login localhost:50004 admin

Password: **********
Successfully logged in as session 4436
[localhost:50004] /> cd /logs
[localhost:50004] /logs
[localhost:50004] /logs> dlogs
Usage: dlogs [<supported parameters>] [pathname=<output pathname>]
             [delimiter=","] [append=<0|1>]
Retrieve logs from the logged in service.  The current node must be /logs ("cd
/logs").

    parameters - For supported parameters, send the following command "send
                 /logs help msg=download"
    pathname   - The optional output path where the logs will be saved,
                 otherwise, logs are written to the console
    delimiter  - The string that separates each log field, use \\t for tab,
                 default is a comma
    append     - If 1, will append to existing file, zero overwrites (default)

Aliases: downloadLogs, downloadlogs
[localhost:50004] /logs
[localhost:50004] /logs> dlogs pathname=/logs.txt time1="2013-Oct-17 00:00:00" time2="2013-Oct-19 00:00:00"

 

 

Refer to the table below for the ports associated with each service:

 Service Service Port
 Archiver 50008
 Workbench 50007
 Appliance 50006
 Concentrator 50005
 Decoder 50004 
 Broker 50003
 Log Decoder 50002
 Log Collector 50001


 
Tags (12)
  • Customer Support Article
  • KB Article
  • Knowledge Article
  • Knowledge Base
  • NetWitness
  • NetWitness Platform
  • NW
  • RSA NetWitness
  • RSA NetWitness Platform
  • RSA Security Analytics
  • Security Analytics
  • SIEM
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-02-10 02:01 PM
Updated by:
Administrator nwinfotech Administrator

Related Content

Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.