Install NetWitness Export Connector Install NetWitness Export Connector
Note: From 11.6 onwards, the Logstash server is packaged and supported along with the NetWitness Log Collector or Virtual Log Collector (VLC) service to provide easy access to Logstash. This is referred to as Managed Logstash and it eliminates the need for a separate Logstash server outside of the NetWitness Platform. For more information, see "Configure Logstash Event Sources in NetWitness" in the Log Collection Configuration Guide.
Do the following steps to install NetWitness Export Connector .
-
Download the offline installer from RSA Link in the following location: NetWitness Export Connector Installer.
-
Copy the downloaded NetWitness ZIP archive to the system where Logstash runs.
-
Open a command prompt and run the following command to change directory to Logstash home.
cd /usr/share/logstash - Check the status of the Logstash service by running the following command.
systemctl status logstash - Stop the Logstash service by running the following command.
systemctl stop logstash - Install the NetWitness Export Connector by running the following command.
bin/logstash-plugin install file:///<path-to-file>/netwitness-export-connector-x.x.x.zip - Make sure that all the required configuration files (netwitness-<decoder-ip>-input.conf) are available in the following folder.
/etc/logstash/conf.d/ - Start the Logstash service by running the following command.
systemctl start logstash
