Configuring an Archiver

The NetWitness Archiver is an appliance that enables long-term log archiving by indexing and compressing log data and sending it to Archiving storage. The Archiving storage is then optimized for long-term data retention and compliance reporting.

The Archiver stores raw logs and log meta from Log Decoders for long-term retention, and it uses Direct-Attached Capacity (DAC) for storage.

Note: Raw packet and packet meta are not stored in the Archiver.

Prerequisites

Ensure that you have:

  • Installed the Archiver host in your network environment.
  • Installed and configured Log Decoder in your network environment.

If you want to configure multiple Archiver or Concentrator services as a group and share the aggregation tasks between them, refer to Group Aggregation in the Deployment Guide.

Workflow

This workflow illustrates the end-to-end installation and configuration process for an Archiver.

[Figure: Archiver installation and configuration workflow]

The following table describes the basic steps for configuring an Archiver. The tasks must be completed in the order given.

| Configuration Step | Description |
|---|---|
| Edit the Archiver Service | Provides information on how to add an Archiver service to the Archiver host and apply a license to it. |
| Add Log Decoder as a Data Source to Archiver | Provides instructions on how to add a Log Decoder to an Archiver. |
| Configure Archiver Storage and Log Retention | Provides instructions on how to configure storage and log retention on an Archiver. |
| Add Archiver as a Data Source to Reporting Engine | Provides instructions on how to add an Archiver as a data source to Reporting Engine to generate reports for the data collected by an Archiver. |
| Configure Archiver Monitoring | Provides instructions on how to configure the alert mechanism related to Archiver storage. |