Article Number
000001937
Applies To
RSA Product Set: RSA NetWitness Logs & Network
RSA Product/Service Type: Head Unit/ NetWitness Server
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
Issue
Global audit logging is configured using
Configure Global Audit Logging document. However, logging not working as per configuration.
Cause
Checking configuration files in Admin server putty shows those files not reflecting the latest configuration applied. When Configuration applied in GUI, that should reflect in rsa-audit-server-output.conf file on the same date.
cd /etc/logstash/conf.d/
[root@AdminServer conf.d]# ls -l
total 8
-rw-r-----. 1 logstash logstash 412 Apr 13 2019 rsa-audit-server.conf
-rw-r-----. 1 logstash logstash 1369 Oct 24 2019 rsa-audit-server-output.conf
Resolution
Please follow the below steps to reflect the latest changes in configuration files.
- Login to NetWitness ADMIN server putty.
- Run below command.
#orchestration-cli-client --update-admin-node - Once the above command successfully completed. Verify the contents of /etc/logstash/conf.d/rsa-audit-server-output.conf file to see the latest configuration.