This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness Global audit logging configuration not reflecting with new changes

Article Number

000001937

Applies To

RSA Product Set: RSA NetWitness Logs & Network
RSA Product/Service Type: Head Unit/ NetWitness Server
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
 

Issue

Global audit logging is configured using Configure Global Audit Logging document. However, logging not working as per configuration.

 

Cause

Checking configuration files in Admin server putty shows those files not reflecting the latest configuration applied. When Configuration applied in GUI, that should reflect in rsa-audit-server-output.conf file on the same date.

cd /etc/logstash/conf.d/
[root@AdminServer conf.d]# ls -l
total 8
-rw-r-----. 1 logstash logstash  412 Apr 13  2019 rsa-audit-server.conf
-rw-r-----. 1 logstash logstash 1369 Oct 24  2019 rsa-audit-server-output.conf

Resolution

Please follow the below steps to reflect the latest changes in configuration files.
  1. Login to NetWitness ADMIN server putty.
  2. Run below command.
    #orchestration-cli-client --update-admin-node
  3. Once the above command successfully completed. Verify the contents of /etc/logstash/conf.d/rsa-audit-server-output.conf file to see the latest configuration.
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-06-02 08:31 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.