This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Knowledge Base
- How to collect RSA Security Analytics / NetWitness Platform device logs by individual service type u...
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report Inappropriate Content
The content you are looking for has been archived. View related content below.
How to collect RSA Security Analytics / NetWitness Platform device logs by individual service type using NwConsole
Article Number
000001314
Applies To
RSA Product Set: Security Analytics, NetWitness Logs & Network
RSA Product/Service Type: Security Analytics services, NetWitness Logs & Network services
RSA Version/Condition: 10.4, 10.5, 10.6, 11.x
Platform: CentOS
O/S Version: EL6, EL7
RSA Product/Service Type: Security Analytics services, NetWitness Logs & Network services
RSA Version/Condition: 10.4, 10.5, 10.6, 11.x
Platform: CentOS
O/S Version: EL6, EL7
Issue
How to collect RSA Security Analytics / NetWitness Logs & Network device logs by individual service type using NwConsole.
Resolution
To collect and download the logs of an individual service, please follow the steps below:
NOTE: The time format above is an example, change the dates to the range needed.
- Connect to the appliance in question via SSH
- Issue the command NwConsole to enter the console
- Login to the service in question (refer to the table below) by issuing the following command:
login localhost:<service_port> admin
- At the prompt, enter the password for the account in question.
- Proceed to collect the logs in question by issuing the following commands:
cd logs
/logs> dlogs pathname=/root/<filename>.txt time1="2013-Oct-17 00:00:00" time2="2013-Oct-19 00:00:00"
NOTE: The time format above is an example, change the dates to the range needed.
See the note below for an example of the entire process.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
Notes
Below is a detailed example of the process:
RSA Security Analytics Console 10.6.6.0
Copyright 2001-2018, RSA Security Inc. All Rights Reserved.
Type "help" for a list of commands or "man" for a list of manual pages.
> login localhost:50004 admin
Password: **********
Successfully logged in as session 4436
[localhost:50004] /> cd /logs
[localhost:50004] /logs
[localhost:50004] /logs> dlogs
Usage: dlogs [<supported parameters>] [pathname=<output pathname>]
[delimiter=","] [append=<0|1>]
Retrieve logs from the logged in service. The current node must be /logs ("cd
/logs").
parameters - For supported parameters, send the following command "send
/logs help msg=download"
pathname - The optional output path where the logs will be saved,
otherwise, logs are written to the console
delimiter - The string that separates each log field, use \\t for tab,
default is a comma
append - If 1, will append to existing file, zero overwrites (default)
Aliases: downloadLogs, downloadlogs
[localhost:50004] /logs
[localhost:50004] /logs> dlogs pathname=/logs.txt time1="2013-Oct-17 00:00:00" time2="2013-Oct-19 00:00:00"
Refer to the table below for the ports associated with each service:
| Service | Service Port |
| Archiver | 50008 |
| Workbench | 50007 |
| Appliance | 50006 |
| Concentrator | 50005 |
| Decoder | 50004 |
| Broker | 50003 |
| Log Decoder | 50002 |
| Log Collector | 50001 |
No ratings
