
Automatic Backup of Core Service Content after Upgrading Core Service Node to 12.1+ Version in NetWitness

Issue

When the user publishes the first content policy from CCM, all the pre-existing content in the service is deleted.


Resolution

It is recommended to migrate all the content to CCM before publishing the content policy.

A backup of all the Core service content is created automatically when the user upgrades Core service hosts to version 12.1+.

The backup tar file is available on the Core service host under the following path:

  • For Log Decoder service - /var/netwitness/logdecoder/logdecoder_backupcontent_ccm.tar

  • For Network Decoder service - /var/netwitness/decoder/decoder_backupcontent_ccm.tar

When the user extracts this tar file, all the content is available under the following paths:

Feeds:

  • For Log Decoder - /var/netwitness/logdecoder/etc/netwitness/ng/feeds

  • For Network Decoder - /var/netwitness/decoder/etc/netwitness/ng/feeds

LUA Parsers:
  • For Log Decoder - /var/netwitness/logdecoder/etc/netwitness/ng/parsers
  • For Network Decoder - /var/netwitness/decoder/etc/netwitness/ng/parsers

Application/Network Rules:
  • For Log Decoder - /var/netwitness/logdecoder/etc/netwitness/ng/NwLogdecoder.cfg
  • For Network Decoder - /var/netwitness/decoder/etc/netwitness/ng/NwDecoder.cfg

Log Devices:
  • /var/netwitness/logdecoder/etc/netwitness/ng/envision/etc/devices

The user can copy these files to /etc/netwitness/ng and restart the Log Decoder or Decoder service to recover the deleted content.
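
As an added example (not part of the NetWitness documentation), the shell function below lists the backup tar without extracting it and counts how many entries fall under each content path named above, so the backup can be checked before anything is copied back. It assumes the member names inside the tar mirror the paths in this article; `inventory_ccm_backup` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: inventory a CCM backup tar before restoring from it.
# Assumption: member names inside the tar mirror the paths listed in this
# article, with or without a leading "/" or "./".

# Usage: inventory_ccm_backup <tarfile> <logdecoder|decoder>
# Prints one line: feeds=N parsers=N rules=N devices=N other=N
inventory_ccm_backup() {
    tarfile=$1
    svc=$2
    # The rules file name differs per service (see Application/Network Rules).
    case "$svc" in
        logdecoder) cfg="NwLogdecoder.cfg" ;;
        decoder)    cfg="NwDecoder.cfg" ;;
        *) echo "unknown service: $svc" >&2; return 2 ;;
    esac
    [ -r "$tarfile" ] || { echo "cannot read $tarfile" >&2; return 2; }
    base="var/netwitness/$svc/etc/netwitness/ng"

    # List members only (nothing is written to disk), normalise the prefix,
    # skip directory entries, then count entries by content type.
    tar -tf "$tarfile" | sed -e 's#^\./##' -e 's#^/##' | grep -v '/$' |
    awk -v base="$base" -v cfg="$cfg" '
        BEGIN { feeds = parsers = rules = devices = other = 0 }
        index($0, base "/feeds/") == 1                { feeds++;   next }
        index($0, base "/parsers/") == 1              { parsers++; next }
        $0 == base "/" cfg                            { rules++;   next }
        index($0, base "/envision/etc/devices/") == 1 { devices++; next }
        { other++ }
        END { printf "feeds=%d parsers=%d rules=%d devices=%d other=%d\n",
                     feeds, parsers, rules, devices, other }'
}
```

For a Log Decoder, call it as `inventory_ccm_backup /var/netwitness/logdecoder/logdecoder_backupcontent_ccm.tar logdecoder`; a non-zero `other` count means the tar holds entries outside the four content locations listed in this article.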


Product Details

RSA Product Set: NetWitness Platform
RSA Product/Service Type: NetWitness Platform
RSA Version/Condition: 12.1.1
Platform: CCM

O/S Version: 6/7

