Archiver Services Config View - General Tab

The General tab for an Archiver in the Services Config view helps manage basic service configuration, configure the aggregate service, and configure the aggregation process between an Archiver and the aggregate service.

To access the General tab, go to netwitness_adminicon_25x22.png (Admin) > Services, select an Archiver service, then select View > Config.

Workflow

This workflow illustrates the end-to-end installation and configuration process for an Archiver.

netwitness_arcsvccfgvwwf.png

Configuring the aggregate service (whose data is consumed and aggregated) includes:

  • Adding, editing, and deleting Archivers as aggregate services
  • Toggling an aggregate service online and offline
  • Monitoring statistics for aggregate services
  • Starting and stopping aggregation

Configuring the aggregation process includes setting:

  • Aggregation autostart
  • Timing and performance parameters, such as the number of sessions per round of aggregation and time between rounds
  • The timing of attempts to restart, reconnect, or take offline a non-responsive aggregate service

Note: Archiver can aggregate from Log Decoder and Archiver (Archiver-Archiver aggregation). Archiver can be aggregated by Archiver and Broker. A Broker can aggregate from either set of concentrators or set of Archivers

What do you want to do?

Role I want to... Show me how...
Administrator

Add an Archiver service

Edit the Archiver Service
Administrator Add a Log Decoder as a Data Source to an Archiver Add Log Decoder as a Data Source to Archiver

Administrator

Configure Archiver Storage and Log Retention

Configure Archiver Storage and Log Retention

Administrator Add an Archiver as a Data Source to a Reporting Engine Add Archiver as a Data Source to Reporting Engine

Administrator

*Configure Archiver Monitoring

Configure Archiver Monitoring

Administrator

Start and Stop aggregation

Add, edit, delete, and toggle an aggregate service

Aggregate Services Section

Administrator

Manage System Configuration

System Configuration Section

*You can perform this task here.

Related Topics

Configure Log Storage Collections

Quick Look

This is an example of the General tab.

netwitness_121_arcgentab_1122.png

These are the three major sections in the General tab for Archivers:

1

Aggregate Services section provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.

2

System Configuration section manages service configuration for a service.

3

Aggregation Configuration section provides configuration settings that affect various aspects of the aggregation process.

Aggregate Services Section

This is an example of the Aggregate Services section for a Concentrator. The Aggregate Services section toolbar offers these options.

Option Description
netwitness_add.png

Opens a dialog in which you can add a Archiver or a Log Decoder.

netwitness_delete.png

Removes the selected aggregate service.

netwitness_edit_icon.png

Opens a dialog to edit Meta Fields and Filter values.

netwitness_startaggr.png

When aggregation has been stopped or has not started, starts aggregating data from the online service in the list using the rules defined for the service.

netwitness_stopaggreg.png

When aggregation is in progress, stops aggregation on the Broker or Concentrator. This stops all services and flushes the index, which may take several minutes to complete. It is necessary to stop aggregate services in order to perform various administrative procedures.

netwitness_toggleservice.png

Toggles the state of a service between offline and online. Only data from online service is consumed during aggregation.

The Aggregate Services section list has these columns.

Column Description
Address

Lists the address of the service.

Port

Lists the port on which the service listens. The default ports are:

  • 50001 for Log Collectors
  • 50002 for Log Decoders
  • 50003 for Brokers
  • 50004 for Decoders
  • 50005 for Concentrators
  • 50007 for other services
Rate

Lists the number of metadata objects being written to the database per second. Values are rolling average samples over a short time period (10 seconds). After capture stops, the rate is reset to 0.

Max

Lists the maximum number of metadata objects written to the database per second since capture started. Values are rolling average samples over a short time period (10 seconds). After capture stops, Max continues to show the maximum value during capture.

Behind

Lists the number of sessions on the service that need to be aggregated.

Collection

For Brokers only, indicates the collection that was selected when the Analyst Workbench service was added to the Aggregate Services section.

Meta Fields

For Concentrators only, lists the types of metadata being consumed by the aggregate service.

Filter

For Concentrators only, lists any filter being applied to the metadata being consumed by the aggregate service.

Meta Include

For Concentrators only, lists the number of types of meta included in the aggregate service.

Grouped

Whether or not the aggregate service is part of a group.

Status

Lists the current status of the service:

  • online = available to provide data for consumption by the Broker or Concentrator
  • offline = not available to provide data for consumption by the Broker or Concentrator
  • consuming = providing data for consumption by the Broker or Concentrator

System Configuration Section

When a service is first added, default values are in effect. You can edit these values to tune performance.

netwitness_arcsyscfg.png

The System Configuration section has these parameters.

Parameter Description
Compression

The minimum number of bytes that must be transmitted per response before compression. A setting of 0 disables compression. The default value is 0.
A change in value is effective immediately for all subsequent connections.

Port

The port on which the service listens. The default ports are:

  • 50001 for Log Collectors
  • 50002 for Log Decoders
  • 50003 for Brokers
  • 50004 for Decoders
  • 50005 for Concentrators
  • 50007 for other services
SSL FIPS Mode

When enabled (on), the security of data transmission is managed by encrypting information and providing authentication with SSL certificates. The default value is off.

SSL Port

Indicates the SSL port.

Stat Update Interval

The number of milliseconds between statistic updates on the system. Lower numbers cause more frequent updates and can slow down other processes. The default value is 1000.
A change in value is effective immediately.

Threads

The number of threads in the thread pool to handle incoming requests. A setting of 0 lets the system decide. The default value is 15.

Changes takes effect on service restart.

Aggregation Configuration Section

The Aggregation Configuration Section provides configuration settings for aggregation. When you click Apply, the changes are saved; however, not all settings take effect immediately. The tables for Aggregation Settings and Service Heartbeat provide details.

Caution: Do not edit any of these settings without guidance from Customer Support.

netwitness_aggcfgnew.png