How to export the event sources list in RSA NetWitness Platform 11.x
Issue
How to get the event source list from the RSA NW Platform.
Tasks
This article explains how to export the event sources list from RSA NetWitness Platform 11.x.
Resolution
You can find the event sources list in the Mongo database.
- Connect to the NetWitness server by SSH as the root user and log in to the Mongo database.
# mongo admin -u deploy_admin -p {Your_Password}
- The "eventsources" collection is in the "esm" database.
Note: The ">" prompt indicates that you are now in the Mongo database.
> use esm
> show collections
- Retrieve the "eventsources" collection using the find() function and confirm that the output lists all of your event sources.
(The first command shows everything condensed; the second formats the output.)
> db.eventsources.find()
> db.eventsources.find().pretty()
- Then use the "mongoexport" command below to export all event sources to a file (eventsources.json), substituting your own deploy_admin password for the -p value.
# mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p netwitness --authenticationDatabase admin --db esm --collection eventsources --out /root/eventsources.json
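Added example, not part of the original article or RSA's tooling: mongoexport writes one Extended JSON document per line by default, so the exported eventsources.json can be flattened into a CSV list with a short Python script. The field names in the sample are constructed placeholders, because the article does not show the collection's schema; the script discovers its columns from whatever fields the export contains.

```python
import csv
import json

# Constructed sample in mongoexport's default output shape: one JSON document
# per line. Field names are hypothetical, not the real eventsources schema.
SAMPLE_EXPORT = """\
{"_id":{"$oid":"5f0000000000000000000001"},"name":"fw01","address":{"ipv4":"192.0.2.10"},"lastSeen":{"$date":"2020-01-01T00:00:00.000Z"}}
{"_id":{"$oid":"5f0000000000000000000002"},"name":"dc01","address":{"ipv4":"192.0.2.20"},"count":{"$numberLong":"42"},"tags":["windows","dc"]}
"""

# Extended JSON wrappers that mongoexport uses for BSON types.
WRAPPERS = ("$oid", "$date", "$numberLong", "$numberInt", "$numberDouble")


def unwrap(value):
    """Return the inner value of a single-key Extended JSON wrapper, else None."""
    if isinstance(value, dict) and len(value) == 1:
        key = next(iter(value))
        if key in WRAPPERS:
            return value[key]
    return None


def flatten(doc, prefix=""):
    """Flatten nested documents into dotted column names."""
    row = {}
    for key, value in doc.items():
        name = prefix + key
        inner = unwrap(value)
        if inner is not None:
            # Canonical-mode dates nest a second wrapper; keep it as JSON text.
            row[name] = json.dumps(inner) if isinstance(inner, dict) else inner
        elif isinstance(value, dict):
            row.update(flatten(value, name + "."))
        elif isinstance(value, list):
            row[name] = json.dumps(value)  # keep arrays intact in one cell
        else:
            row[name] = value
    return row


def export_to_csv(lines, out):
    """Read mongoexport lines, write CSV to out, return the number of rows."""
    rows = [flatten(json.loads(line)) for line in lines if line.strip()]
    columns = sorted({name for row in rows for name in row})
    writer = csv.DictWriter(out, fieldnames=columns, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return len(rows)
```

To convert a real export, pass the opened eventsources.json as `lines` and a file opened with `newline=""` as `out`.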
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
Product Details
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x
Platform: CentOS