Netwitness Endpoint Server is offline in User Interface and endpoint-server has below errors.
/var/log/netwitness/endpoint-server/endpoint-server.log
2022-03-08 05:00:31,820 [ scheduled-health-check] WARN Health|HealthStatus(name=rsa.endpoint.health.file-download-disk-usage-health, status=Fatal, details={Current usage %=89.64162295444079, Warning threshold %=60, Fatal threshold %=70})
The Endpoint server is offline due to the current storage usage being higher than the default Fatal threshold=70% as
Data Retention Scheduler is not yet enabled to roll over old data.
1. Please login to Admin Server to increase the fatal threshold to 95.
[root@AdminServer ~]# nw-shell
████████ ██████ ██
██ ██ ██ ████
██ ██ ██ ██ ██
██ ████ ██████ ██ ██
██ ██ ██ ██ ██
██ ██ ██ ██ ██
██ ██ ███████ ██ ██
RSA Netwitness Shell. Version: 6.12.0
See "help" to list available commands, "help connect" to get started.
loginoffline » login
user: admin
password: **********
admin@offline » connect endpoint-server
INFO: Connected to endpoint-server (d2cc4b57-87e3-446b-b989-fd29ccc07c5)
admin@endpoint-server:Folder:/rsa » cd /rsa/endpoint/file-download-disk-thresholds/fatal-percent
admin@endpoint-server:Configuration:/rsa/endpoint/file-download-disk-thresholds/fatal-percent » get
70
admin@endpoint-server:Configuration:/rsa/endpoint/file-download-disk-thresholds/fatal-percent »set 95
admin@endpoint-server:Configuration:/rsa/endpoint/file-download-disk-thresholds/fatal-percent » get
95
Note: In this circumstance, the issue log indicates the consumption is >89%. Hence, the fatal percent threshold increased to 95%.
2. Please login to the Endpoint server and restart service using below command.
systemctl restart rsa-nw-endpoint-server.service
3. After this step the service will be online in UI, Please configure retention settings using
Data Retention Scheduler instructions.
4. If more data retention is required, the customer should increase the Endpoint server's disk space using the
Storage Guide .
5. Once Data Retention is enabled and Storage is increased, Please revert the fatal threshold to default 70 using the above step1. Please refer
Analyzing Downloaded Files for details about rsa.endpoint.file-download-disk-thresholds.fatal-percent setting.