Services Config View - Archiver

The Services Config view ( netwitness_adminicon_25x22.png (Admin) > Services > select Archiver service and select netwitness_ic-actns.png​ >View > Config) provides a way to manage basic service configurations, configure aggregate services, configure log retention and storage, edit service configuration files, and configure the appliance service for an Archiver.

Workflow

This workflow illustrates the end-to-end installation and configuration process for an Archiver.

netwitness_arcsvccfgvwwf.png

What do you want to do?

Role I want to... Show me how...

Administrator

Add the Archiver service.

Edit the Archiver Service

Administrator

Add a Log Decoder as a Data Source to an Archiver.

Add Log Decoder as a Data Source to Archiver

Administrator

Configure Archiver Storage and Log Retention.

Configure Archiver Storage and Log Retention

Administrator

Add an Archiver as a Data Source to Reporting Engine..

Add Archiver as a Data Source to Reporting Engine

Administrator

Configure Archiver Monitoring.

Configure Archiver Monitoring

Administrator

*Add a Log Decoder as an aggregate service.

Click netwitness_add_icon.png in the Aggregate Services section.

Administrator *Remove the selected aggregate service.

Click netwitness_delete_icon.png in the Aggregate Services section.

Administrator

*Edit Meta Fields and Filter values of the aggregate service.

Click netwitness_edit_icon.png in the Aggregate Services section. You can specify the type of metadata that the Archiver consumes from this service. You can also specify a rule to filter data that the Archiver consumes from this service.

Administrator *Communicate with the Archiver.

Click netwitness_ic-editsrv.png in the Aggregate Services section. This enables you to enter the administrator credentials of the selected aggregate service so that it can communicate with the Archiver.

Administrator

*Toggle the state of a service between offline and online.

Click netwitness_toggleservice_112x21.png in the Aggregate Services section.

Administrator

*Aggregate data using the rules defined for the service.

Click netwitness_startaggr.png in the Aggregate Services section.

Note that it is necessary to start aggregate service after aggregation has been stopped.

Administrator

*Stop aggregation on the Archiver.

Click netwitness_stopaggreg.png in the Aggregate Services section. This stops all services and flushes the index, which may take several minutes to complete. It is necessary to stop aggregate services in order to perform various administrative procedures.

*You can perform this task in the current view.

Related Topics

Configure Log Storage Collections

Quick Look

The Services Config view has four tabs and three panels.

netwitness_121_arccfgview_1122.png

1 General tab provides a way to manage basic Archiver service configuration.
2 Data Retention tab provides a way to view and edit collections and retention rules.
3 Files tab allows you to edit enables you to edit the service configuration files for the Archiver as text files
4 Appliance Service Configuration tab provides a way to configure an Archiver service.
5 Aggregate Services panel provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.
6 Aggregation Configuration panel provides configuration settings that affect various aspects of the aggregation process.
7 System Configuration panel provides a way to manage service configuration for an Archiver service.

General

The General tab contains the following sections:

  • Aggregate Services
  • System Configuration
  • Aggregation Configuration

Aggregate Services

The Aggregate Services section provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.

netwitness_arccnfaddsvcs.png

System Configuration

netwitness_arcsyscnfg_645x212.png

When you add an Archiver service, default values are in effect. NetWitness designed the default values to accommodate most environments and recommends that you do not edit these values because it may adversely affect performance. The following table describes the System Configuration parameters.

Task Description
Compression

Determines the minimum amount of bytes before a message is compressed. If set to zero, messages are not compressed.

Port

Determines the port used by the service.

Note: If you change the port number, ensure that you restart the service.

SSL FIPS mode

If enabled, all the data transferred in the network will be encrypted using SSL.

SSL Port

Indicates the port used for encrypting using SSL.

Stat Update Interval

Determines how often (in milliseconds) statistic nodes are updated in the system.

Threads

Determines the number of threads in the thread pool to handle incoming requests.

Aggregation Configuration

netwitness_aggregcfg.png

The Aggregation Configuration section contains the following sections:

  • Aggregation Settings
  • Service Heartbeat

Aggregation Settings

The Aggregations Settings section has the following parameters.

Parameter Description
Aggregate Autostart

If enabled, data aggregation will automatically restart after a service restart.

Aggregate Hours

Determines the maximum number of hours a service is allowed to start aggregation.

Aggregate Interval

Determines the minimum number of milliseconds before another round of aggregation is requested.

Aggregate Max Sessions

Determines the number of sessions to aggregate on each round.

Service Heartbeat

The Service Heartbeat section has the following parameters.

Parameters Description
Heartbeat Error Restart

Determines the number of seconds to wait after a service error before attempting a service reconnect.

Heartbeat Next Attempt

Determines the number of seconds to wait before attempting a service reconnect.

Heartbeat No Response

Determines the number of seconds to wait before taking unresponsive service to offline.

Files

The Files tab in the Service Config view enables you to edit the service configuration files for the Archiver as text files. ​The files available to edit vary depending upon the type of service being configured.

The following files are common to all core services:

  • Service index file
  • NetWitness file
  • Crash reporter file
  • Scheduler file
  • Feed definitions file

For more information on the Files tab, see "Files Tab" in the Host and Services Getting Started Guide.