Services Config View - Archiver

The Services Config view ( (Admin) > Services > select Archiver service and select ​ >View > Config) provides a way to manage basic service configurations, configure aggregate services, configure log retention and storage, edit service configuration files, and configure the appliance service for an Archiver.

Workflow

This workflow illustrates the end-to-end installation and configuration process for an Archiver.

What do you want to do?

Role	I want to...	Show me how...
Administrator	Add the Archiver service.	Edit the Archiver Service
Administrator	Add a Log Decoder as a Data Source to an Archiver.	Add Log Decoder as a Data Source to Archiver
Administrator	Configure Archiver Storage and Log Retention.	Configure Archiver Storage and Log Retention
Administrator	Add an Archiver as a Data Source to Reporting Engine..	Add Archiver as a Data Source to Reporting Engine
Administrator	Configure Archiver Monitoring.	Configure Archiver Monitoring
Administrator	*Add a Log Decoder as an aggregate service.	Click in the Aggregate Services section.
Administrator	*Remove the selected aggregate service.	Click in the Aggregate Services section.
Administrator	*Edit Meta Fields and Filter values of the aggregate service.	Click in the Aggregate Services section. You can specify the type of metadata that the Archiver consumes from this service. You can also specify a rule to filter data that the Archiver consumes from this service.
Administrator	*Communicate with the Archiver.	Click in the Aggregate Services section. This enables you to enter the administrator credentials of the selected aggregate service so that it can communicate with the Archiver.
Administrator	*Toggle the state of a service between offline and online.	Click in the Aggregate Services section.
Administrator	*Aggregate data using the rules defined for the service.	Click in the Aggregate Services section. Note that it is necessary to start aggregate service after aggregation has been stopped.
Administrator	*Stop aggregation on the Archiver.	Click in the Aggregate Services section. This stops all services and flushes the index, which may take several minutes to complete. It is necessary to stop aggregate services in order to perform various administrative procedures.

*You can perform this task in the current view.

Related Topics

Configure Log Storage Collections

Quick Look

The Services Config view has four tabs and three panels.

1	General tab provides a way to manage basic Archiver service configuration.
2	Data Retention tab provides a way to view and edit collections and retention rules.
3	Files tab allows you to edit enables you to edit the service configuration files for the Archiver as text files
4	Appliance Service Configuration tab provides a way to configure an Archiver service.
5	Aggregate Services panel provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.
6	Aggregation Configuration panel provides configuration settings that affect various aspects of the aggregation process.
7	System Configuration panel provides a way to manage service configuration for an Archiver service.

General

The General tab contains the following sections:

• Aggregate Services
• System Configuration
• Aggregation Configuration

Aggregate ServicesAggregate Services

The Aggregate Services section provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.

System Configuration

When you add an Archiver service, default values are in effect. NetWitness designed the default values to accommodate most environments and recommends that you do not edit these values because it may adversely affect performance. The following table describes the System Configuration parameters.

Task	Description
Compression	Determines the minimum amount of bytes before a message is compressed. If set to zero, messages are not compressed.
Port	Determines the port used by the service. Note: If you change the port number, ensure that you restart the service.
SSL FIPS mode	If enabled, all the data transferred in the network will be encrypted using SSL.
SSL Port	Indicates the port used for encrypting using SSL.
Stat Update Interval	Determines how often (in milliseconds) statistic nodes are updated in the system.
Threads	Determines the number of threads in the thread pool to handle incoming requests.

Aggregation Configuration

The Aggregation Configuration section contains the following sections:

• Aggregation Settings
• Service Heartbeat

Aggregation Settings

The Aggregations Settings section has the following parameters.

Parameter	Description
Aggregate Autostart	If enabled, data aggregation will automatically restart after a service restart.
Aggregate Hours	Determines the maximum number of hours a service is allowed to start aggregation.
Aggregate Interval	Determines the minimum number of milliseconds before another round of aggregation is requested.
Aggregate Max Sessions	Determines the number of sessions to aggregate on each round.

Service Heartbeat

The Service Heartbeat section has the following parameters.

Parameters	Description
Heartbeat Error Restart	Determines the number of seconds to wait after a service error before attempting a service reconnect.
Heartbeat Next Attempt	Determines the number of seconds to wait before attempting a service reconnect.
Heartbeat No Response	Determines the number of seconds to wait before taking unresponsive service to offline.

Files

The Files tab in the Service Config view enables you to edit the service configuration files for the Archiver as text files. ​The files available to edit vary depending upon the type of service being configured.

The following files are common to all core services:

• Service index file
• NetWitness file
• Crash reporter file
• Scheduler file
• Feed definitions file

For more information on the Files tab, see "Files Tab" in the Host and Services Getting Started Guide.