
Connecting to a Service


To connect and interact with a NetWitness Core service (Decoder, Concentrator, Broker, Archiver, and so on), you must first issue the login command. You must have an account on that service. You can type help login at any time for more information. Here is the syntax of the login command:

login <hostname>:<port>[:ssl] <username> [password]

For example: login 10.10.1.15:56005:ssl someuser

If you do not include the password, the NwConsole prompts you.

If you have set up proper trust between NwConsole and the endpoint, you can use the tlogin command and avoid having to enter a password. Setting up trust is beyond the scope of this documentation, but it involves adding NwConsole's SSL cert to the endpoint with the send /sys peerCert op=add --file-data= command. You must first use a normal login with the proper permissions before you can add a peer cert for subsequent trusted logins.
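The following check is an added example, not part of the NetWitness documentation or tooling: it audits saved NwConsole command lines against the login syntax above, flagging endpoints without the :ssl suffix and passwords supplied inline instead of through the prompt. The function names, the sample hosts and port 50005, the sample password, and the policy that every login must use :ssl are assumptions made for illustration.

```python
import re
import shlex

# login host:port[:ssl] user [password], as in the page's example line.
ENDPOINT = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d{1,5})(?P<ssl>:ssl)?$")

def audit_login(line):
    """Return a list of findings for one NwConsole command line."""
    try:
        tokens = shlex.split(line)
    except ValueError:
        return ["unparseable quoting"]
    if not tokens or tokens[0] != "login":
        return []  # not a login command; nothing to check
    if len(tokens) < 3:
        return ["login needs an endpoint and a user name"]
    findings = []
    m = ENDPOINT.match(tokens[1])
    if m is None:
        findings.append("endpoint is not host:port[:ssl]")
    else:
        if not 1 <= int(m.group("port")) <= 65535:
            findings.append("port out of range")
        if m.group("ssl") is None:
            findings.append("no :ssl suffix; connection is not TLS-protected")
    if len(tokens) > 3:
        findings.append("password on the command line; omit it so NwConsole prompts")
    return findings

def audit_script(text):
    """Map 1-based line numbers to findings for every flagged line."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        found = audit_login(line.strip())
        if found:
            report[n] = found
    return report

# Constructed sample script; hosts, ports, user and password are made up.
SAMPLE = """\
login 10.10.1.15:56005:ssl someuser
login 10.10.1.15:50005 someuser
login 10.10.1.16:56005:ssl someuser Secret123
ls
"""

if __name__ == "__main__":
    for n, found in audit_script(SAMPLE).items():
        print(n, "; ".join(found))
```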

Once connected, you can interact with the endpoint service through a virtual file system. Instead of files, what you are looking at are the nodes of that service. Some nodes are folders and have child nodes, forming a hierarchical structure. Each node serves a purpose and all of them support a subset of commands like info and help. The help message returns information about the commands that each node supports. When you first log on, you are on the root node, which is the path /, just like a Linux or Mac system. To see a list of nodes under /, type the ls command.

All services have nodes like sys and logs. To interact with the /logs API, you can first send the help command to the /logs node. To do this, you must use the send command, which has this syntax:

Usage: send {node pathname} {message name} [name=value [name=value]]
            [--file-data= ] [--string-data= ] [--binary-data= ]
            [--file-format={binary,params,params-list,string,params-binary}]
            [--output-pathname= ] [--output-append-pathname= ]
            [--output-format={text,json,xml,html}]

Sends a command to a remote pathname. For remote help, use "send help" for details.

    pathname                 - The node pathname to retrieve information on
    message                  - The command (message) to send
    parameters               - Zero or more name=value parameters for the command
    --file-data              - Loads data from a file and send as either a BINARY
                               message or as a PARAMS_BINARY message if other
                               parameters exist. Providing the --file-format
                               parameter will override automatic detection.
    --file-format            - Treat file input as the provided format
    --string-data            - Sends text as a STRING message type
    --binary-data            - Send text as either a BINARY message type or as a
                               PARAMS_BINARY message type if other parameters
                               exist
    --output-pathname        - Writes the response output to the given pathname,
                               overwriting any existing file
    --output-append-pathname - Writes the response output to the given pathname,
                               will append output to an existing file
    --output-format          - Writes the response in one of the given formats,
                               the default is text