Skip to content
  • There are no suggestions because the search field is empty.

How to find the sessions.behind value from the command line on an RSA Security Analytics concentrator

Tasks

This article is intended to help users to find the sessions.behind value on a concentrator using the command line instead of the RSA Security Analytics UI.


Resolution

  1. Connect to the concentrator appliance via SSH as the root user.
  2. Use the command below to find the sessions.behind value using the concentrator service account credentials. Note: If you have more than one device being aggregated from, then you will see a line for each device.
    root@concentrator ~]# NwConsole -c login localhost:50005 <username> <password> -c cd concentrator/devices -c ls depth=10 | grep sessions.behind


The steps below will provide the same output without requiring the password to be entered in plain text.
  1. Connect to the concentrator appliance via SSH as the root user.
  2. Enter the NwConsole interface.
    [root@concentrator ~]# NwConsole
  3. Log in using the service account credentials.  (default: admin)
    > login localhost:50005 admin
  4. Provide the password for the service account.
    Password: **********
    Successfully logged in as session 84272
  5. Navigate to the devices directory.
    [localhost:50005] /> cd concentrator/devices
  6. List the device information, which will include the sessions.behind value.
    [localhost:50005] /concentrator/devices> ls depth=10

Product Details

RSA Product Set: Security Analytics, NetWitness Logs and Network
RSA Product/Service Type: Concentrator
RSA Version/Condition: 10.5.x, 10.6.x, 11.X
Platform: CentOS
O/S Version: EL6, EL7

Summary

Some customers need the command line to find the sessions.behind value in order to run reports.


Approval Reviewer Queue

RSA NetWitness Suite Approval Queue