Skip to content
  • There are no suggestions because the search field is empty.

How to enable ping for business critical applications on RSA NetWitness devices

Issue

Business utilizes monitoring with the use of ping and ICMP.  When business monitoring has priority over the risk of a denial of service attack you can adjust ip_tables to allow ping.


Resolution

  1. SSH into the NetWitness device
  2. Edit the following file /etc/sysconfig/iptables-config

    and set

    IPTABLES_SAVE_ON_STOP="yes"

    IPTABLES_SAVE_ON_RESTART="yes"
     

  3. Run the following command to add to iptables rules:

    iptables -I INPUT 1 -p icmp -j ACCEPT

  4. Restart or stop and start iptables service:
    service iptables stop

    service iptables start

    Or

    service iptables restart

     

Notes

Additional RSA community discussion on this subject can be found at the link below:
https://community.rsa.com/thread/196950

Product Details

RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.1.0, 11.2.1.0, 11.3.x

Approval Reviewer Queue

RSA NetWitness Suite Approval Queue