Advanced Configurations

Restore Default Content

This procedure restores all default content, such as dashboards, visualizations, and monitors, to its original state. It overwrites any changes made to the default content. Use it, for example, if you have deleted a dashboard or visualization and want the default content back.

  1. Log in to NetWitness Platform UI.

  2. Click Configure > LIVE CONTENT.

  3. In the Search Criteria panel, select the Resource Types as:

    • Health and Wellness Dashboards
    • Health and Wellness Monitors
  4. Click Search.

  5. In the Matching Resources view, select the checkbox to the left of the resources that you want to deploy.

  6. In the Matching Resources toolbar, click Deploy.

  7. In the Deployment Wizard > Resources tab, click Next.

  8. In the Services tab, select the Metrics Server service.

  9. Click Next.

  10. Click Deploy.
    The Deploy page is displayed. The Progress bar turns green when you have successfully deployed the resources to the selected services.

  11. Click Close.

Enable Services

This enables all services to start sending metrics for monitoring. Use it, for example, if you have disabled a few services from sending metrics and want all of them to start sending again.

  1. SSH to the Admin Server.
  2. Enter the following command:
    nw-shell
    The console window is displayed.

  3. Connect to metrics-server using the following command:

    connect --service metrics-server

  4. Enter the login command:
    login
  5. Enter the admin username and password.
  6. Navigate to the enable option using the following command:

    cd /rsa/metrics/elastic/enable-all

  7. Execute the following command to enable all services:

    invoke

Disable Services

This stops all services from sending metrics for monitoring. Once disabled, none of the services sends alerts to Elasticsearch, the dashboards are not updated, and alerts are not triggered.

  1. SSH to the Admin Server.
  2. Enter the following command:
    nw-shell
    The console window is displayed.

  3. Connect to metrics-server using the following command:

    connect --service metrics-server

  4. Enter the login command:
    login
  5. Enter the admin username and password.
  6. Navigate to Elasticsearch using the following command:

    cd /rsa/metrics/elastic/disable-all

  7. Execute the following command to disable all services to stop writing to Elasticsearch:

    invoke

Note: This stops all services from sending metrics to Elasticsearch but does not stop Metricbeat from sending system-level metrics to Elasticsearch. You need to manually stop Metricbeat on all hosts if you wish to stop using Health and Wellness.

Update an Interval

You can set a common interval at which all the services send data for monitoring. Use this, for example, if the services are set to different intervals and you want all of them to send data to Elasticsearch on the same interval.

The interval can be set in seconds, minutes and hours.

  1. SSH to the Admin Server.
  2. Enter the following command:
    nw-shell
    The console window is displayed.

  3. Connect to metrics-server using the following command:

    connect --service metrics-server

  4. Enter the login command:
    login
  5. Enter the admin username and password.
  6. Navigate to the update-interval directory using the following command:

    cd /rsa/metrics/elastic/update-interval

  7. Execute the following command to set a common interval for all the services:

    invoke <interval>

    For example, invoke 30seconds

Update the Default Configuration

By default, New Health and Wellness configurations are applied after the New Health and Wellness is enabled successfully. To change the configuration of a service, you need to update the existing configuration. After the configuration is updated, the service is notified of the changes.

To update the configuration, perform the following:

  1. SSH to the Admin Server.
  2. Enter the following command:
    nw-shell
    The console window is displayed.

  3. Connect to the metrics-server using the following command:

    connect --service metrics-server

  4. Enter the login command:
    login
  5. Enter the admin username and password.
  6. To get the configuration of a service, execute the following commands:

    1. cd /rsa/metrics/elastic/get-config

    2. invoke <service-id>

    Note:
    To get the service id for core services:
    1) Go to Admin > Core service.
    2) Click > View > Explore.
    3) Expand the sys/stats node list.
    4) In the UUID field, copy the value.
    To get the service id for launch services:
    1) Go to Admin > Launch service.
    2) Click > View > Explore.
    3) Click the process node.
    4) In the service-id field, copy the value.
    To get the service id for Carlos services:
    1) SSH to the host on which the Carlos service is deployed.
    2) Execute the following command:
    For Reporting Engine:
    cat /var/netwitness/re-server/rsa/soc/reporting-engine/service-id
    For Legacy Web Server:
    cat /var/netwitness/uax/service-id

    Note: The core services are Archiver, Broker, Concentrator, Decoder, and Log Decoder; the Carlos services are Reporting Engine and Legacy Web Server. All other services that are not included in the Core and Carlos services are launch services.

  7. Copy the configuration and save it in a file.

    1. Copy the configuration from step 6 and exit from nw-shell using the command:

      exit

    2. Create a file under /root on the Admin Server, copy the configuration to the file, and save it.

    For example, for the Reporting Engine service, create a file reporting-engine.json under /root/, copy the configuration obtained from step 6 into it, and save.

  8. To set configurations for a service:

    1. cd /rsa/metrics/elastic/set-config

    2. invoke --file <absolute path of the file>

      For example, invoke --file /root/reporting-engine.json
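Before passing an edited file to set-config, it helps to confirm that it still parses as JSON and to see exactly which settings differ from the get-config output. The following is an added example, not part of the NetWitness tooling; the sample key names are hypothetical and do not reflect the product's configuration schema.

```python
import json
import os
import stat

ABSENT = "<absent>"  # marker for a setting that exists on only one side

def flatten(node, prefix=""):
    """Map every leaf value to a dotted path so nested settings compare cleanly."""
    if isinstance(node, dict):
        items = node.items()
    elif isinstance(node, list):
        items = enumerate(node)
    else:
        return {prefix: node}
    leaves = {}
    for key, value in items:
        leaves.update(flatten(value, f"{prefix}.{key}" if prefix else str(key)))
    return leaves

def diff_configs(baseline_text, edited_text):
    """Return {dotted path: (before, after)}; raises ValueError on invalid JSON."""
    old, new = (flatten(json.loads(text)) for text in (baseline_text, edited_text))
    return {key: (old.get(key, ABSENT), new.get(key, ABSENT))
            for key in sorted(old.keys() | new.keys())
            if old.get(key, ABSENT) != new.get(key, ABSENT)}

def file_problems(path):
    """Check the file that will be handed to 'invoke --file'."""
    problems = []
    if not os.path.isabs(path):
        problems.append("path is not absolute")
    if not os.path.isfile(path):
        return problems + ["file not found"]
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("file is writable by group or others")
    return problems

# Constructed sample input; key names are hypothetical.
BASELINE = '{"interval": "30seconds", "stats": [{"name": "cpu", "enabled": true}]}'
EDITED = '{"interval": "60seconds", "stats": [{"name": "cpu", "enabled": false}]}'

if __name__ == "__main__":
    for path, (before, after) in diff_configs(BASELINE, EDITED).items():
        print(f"{path}: {before!r} -> {after!r}")
```

Keeping the unedited get-config output as a second file gives both the baseline for this comparison and a copy to restore from.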

Configure the Data Retention Policy

You can configure the retention policy for monitors (alerts triggered) and metrics based on age and size.

By default, 90 days of data with 100 GB of size for monitors (alerts triggered) and 30 days of data with 100 GB of size for metrics are retained.

To change the configuration for monitor (alerts triggered) retention:

  1. SSH to the Admin Server.
  2. Enter the following command:
    nw-shell
    The console window is displayed.

  3. Connect to metrics-server using the following command:

    connect --service metrics-server

  4. Enter the login command:
    login
  5. Enter the admin username and password.
  6. Go to alert-retention-threshold using the command:

    cd /rsa/metrics/elastic/data/retention/alert-retention-threshold

  7. Set the value between 1day and 90days using the command:

    set <number of days>

    For example, set 50days

  8. Exit from nw-shell using the command:

    exit

  9. SSH to the host on which New Health and Wellness is installed.

  10. Restart the metrics server on which New Health and Wellness is installed using the command:

    service rsa-nw-metrics-server restart

To change the configuration for metrics time threshold:

  1. SSH to the Admin Server.
  2. Enter the following command:
    nw-shell
    The console window is displayed.

  3. Connect to metrics-server using the following command:

    connect --service metrics-server

  4. Enter the login command:
    login
  5. Enter the admin username and password.
  6. Go to time-threshold using the command:

    cd /rsa/metrics/elastic/data/retention/time-threshold

  7. Set the value from 1day to 90days using the command:

    set <number of days>

    For example, set 40days

  8. Exit from nw-shell using the command:

    exit

  9. SSH to the host on which New Health and Wellness is installed.
  10. Restart the metrics server on which New Health and Wellness is installed using the command:

    service rsa-nw-metrics-server restart

To change the size configuration:

  1. SSH to the Admin Server.
  2. Enter the following command:
    nw-shell
    The console window is displayed.

  3. Connect to metrics-server using the following command:

    connect --service metrics-server

  4. Enter the login command:
    login
  5. Enter the admin username and password.
  6. Go to allocated-size using the command:

    cd /rsa/metrics/elastic/data/retention/allocated-size

  7. Set the value using the command:

    set <size to be allocated>

    For example, set 200GB

  8. Exit from nw-shell using the command:

    exit

  9. SSH to the host on which New Health and Wellness is installed.
  10. Restart the metrics server on which New Health and Wellness is installed using the command:

    service rsa-nw-metrics-server restart

Note: Make sure the /var/netwitness partition on standalone New Health and Wellness has enough disk space. After you review your datastore configuration, you may determine that you need to add a new volume. For more information on adding a new volume, see “Add New Volume and Extend Existing File Systems” topic in the Virtual Host Installation Guide.
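The retention values above can be checked before they are typed into nw-shell: the day thresholds against the 1day to 90days range, and the allocated size against the /var/netwitness partition. This is an added example, not part of the product; the 10% headroom and the reading of "GB" as 2**30 bytes are assumptions.

```python
import re
import shutil

GIB = 1024 ** 3  # assumption: "GB" is read as 2**30 bytes, the stricter interpretation

def parse_days(value):
    """Accept the '<n>day(s)' form and enforce the 1day to 90days range."""
    match = re.fullmatch(r"(\d+)days?", value)
    if not match:
        raise ValueError(f"{value!r}: expected a form like 50days")
    days = int(match.group(1))
    if not 1 <= days <= 90:
        raise ValueError(f"{value!r}: outside 1day to 90days")
    return days

def parse_size(value):
    """Accept the '<n>GB' form and return the size in bytes."""
    match = re.fullmatch(r"([1-9]\d*)GB", value)
    if not match:
        raise ValueError(f"{value!r}: expected a form like 200GB")
    return int(match.group(1)) * GIB

def preflight(alert_days, metric_days, size, partition_total, headroom=0.10):
    """Return a list of problems; an empty list means the values can be set.

    partition_total is the size of /var/netwitness in bytes. headroom is a
    hypothetical margin left for everything else stored on the partition.
    """
    problems = []
    checks = (("alert-retention-threshold", alert_days, parse_days),
              ("time-threshold", metric_days, parse_days),
              ("allocated-size", size, parse_size))
    for label, value, parser in checks:
        try:
            parsed = parser(value)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if label == "allocated-size" and parsed > partition_total * (1 - headroom):
            problems.append(f"allocated-size: {value} does not fit the partition")
    return problems

if __name__ == "__main__":
    # Run on the host where New Health and Wellness is installed.
    total = shutil.disk_usage("/var/netwitness").total
    for line in preflight("50days", "40days", "200GB", total) or ["ok"]:
        print(line)
```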