How to change the core dump file location for Netwitness appliances
Issue
By default, Netwitness core appliances are configured to dump core files to the /var/netwitness/
The core file location may be altered, but note that core files too large for the designated area will be truncated.
Resolution
By default, core dumps are written to a core appliance's default working directory. That directory is defined in the configuration file located in the /etc/init directory and defined as
This example explains how to change the core dump directory for a Log Decoder. The .conf file name in /etc/init.d and the location of the chdir statement vary according to the appliance type you are working with. Also ensure that the directory you select for the core dump has enough free space to accommodate a core dump of several gigabytes. Never specify the root ( / ) directory as the location.
- Back up the existing logdecoder.conf file.
cd /etc/init.d
cp logdecoder.conf logdecoder.conf.bak<date>
- Edit the log decoder configuration file using vi.
vi logdecoder.conf
- Locate this statement:
chdir /var/netwitness/logdecoder/metadb
- Change the path here to a new directory. (This example uses /var/tmp)
chdir /var/tmp
- In order for the new parameter to take effect, the Log Decoder process must be restarted.
restart nwlogdecoder
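The backup and edit steps above can be wrapped with the two safety checks the article calls for (enough free space, never the root directory). This is an added example, not code from the vendor article; the function name set_core_dir, the 8 GiB default floor and the backup timestamp format are assumptions.

```shell
# Added example: automate the backup and chdir edit for one appliance .conf file.
# set_core_dir, the 8 GiB default and the timestamp format are assumptions.
# Usage: set_core_dir <conf-file> <new-core-dir> [min-free-GiB]
set_core_dir() {
    local conf="$1" target="$2" min_gib="${3:-8}"
    local newdir avail_kb backup

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Resolve symlinks and "..", so "/", "//" and "/tmp/.." are all caught.
    newdir=$(cd "$target" 2>/dev/null && pwd -P) ||
        { echo "not a directory: $target" >&2; return 1; }
    [ "$newdir" != "/" ] || { echo "refusing to use / for core dumps" >&2; return 1; }

    # Keep the path safe to embed in the sed replacement below.
    case "$newdir" in
        *[!A-Za-z0-9/._-]*) echo "unsupported characters in $newdir" >&2; return 1 ;;
    esac

    grep -q '^[[:space:]]*chdir[[:space:]]' "$conf" ||
        { echo "no chdir statement in $conf" >&2; return 1; }

    # Free space on the target filesystem, in KiB (POSIX df output, column 4).
    avail_kb=$(df -Pk "$newdir" | awk 'NR==2 {print $4}')
    if [ -z "$avail_kb" ] || [ "$avail_kb" -lt $((min_gib * 1024 * 1024)) ]; then
        echo "less than ${min_gib} GiB free in $newdir; a large core would truncate" >&2
        return 1
    fi

    # Back up first, then rewrite only the chdir line from the backup copy.
    backup="$conf.bak$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 1
    sed "s|^\([[:space:]]*chdir[[:space:]][[:space:]]*\).*|\1$newdir|" "$backup" > "$conf"
    grep '^[[:space:]]*chdir' "$conf"
}
# Afterwards the service still has to be restarted, as in the last step above.
```

The function prints the rewritten chdir line on success and leaves the configuration file untouched if any check fails.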
If you are unsure of any of the steps above or experience any issues, contact Netwitness Support and quote this article number for further assistance.
Product Details
RSA Product Set: Netwitness
RSA Product/Service Type: Decoder, Log Decoder, Concentrator, Hybrid, Broker, All-in-One, Security Analytics Server
Platform: CentOS, AlmaLinux
O/S Version: EL5, EL6
Summary
This article describes how to use an alternate directory for core dumps on Security Analytics core devices.