Skip to content
  • There are no suggestions because the search field is empty.

How to reset NetWitness Log Collector Lockbox password in 12.3.1 and Later

Issue

Netwitness Log Collector lockbox password requires a reset if one of the following situations arise.

  1. When the lockbox password is not known or forgotten
  2. When there is an error in UI password does not match Lockbox value during Reset Password
  3. When there is an error in /var/log/messages Lockbox Initialization Failed
  4. When there is an error i/var/log/messages
    NwLogCollector_PreInstall: Lockbox Status : Failed to open lockbox: The Lockbox stable value threshold was not met because the system fingerprint has changed. To reset the system fingerprint, open the Lockbox using the passphrase.

Cause

This issue could be due to forgotten password, hardware change or recent NetWitness version upgrade.


Resolution

In some circumstances, it may be necessary to create a new lockbox for the Log Collector in Netwitness UI.  An example of this would be when Event Sources cannot be added and the user is getting the error "Failed to open lockbox."  To do so, follow the steps below.

Note: Please note that all stored passwords for the event sources will need to be re-entered after the new lockbox is created.

  1. Connect to the Log Collector appliance via SSH as the root user.
  2. Change the directory to /etc/netwitness/ng/vault/ with the following command: 
     cd /etc/netwitness/ng/vault
  3. Make a new directory to backup the existing lockbox with the following command:  
    mkdir old
  4. Move the existing lockbox file if exists to that directory with the following command: 
     mv -vi lc.lockbox lockbox lockbox.FCD lockbox.bak lockbox.bak.FCD old
  5. Log in to the Netwitness  UI, navigate to the Admin -> Services -> Logcollector
  6. Click on the red Actions(gear icon)  button for the Log Collector service and select View -> Config.
  7. Click on the Settings tab.
  8. Leave the "Old Lockbox Password" field blank and enter a new password in the "New Lockbox Password" field.
  9. Click Apply.lbx
  10. Check the directory /etc/netwitness/ng/vault/ for the file lc.lockbox is newly created.
  11. Restart NWLogCollector service using the following command. 
    systemctl restart nwlogcollector
  12. Enter the password of all the configured event sources.

Product Details

NetWitness Product Set: NetWitness Logs & Network
NetWitness Product/Service Type: Log Collector
NetWitness Version/Condition: 12.3.1 and later
Platform: CentOS, AlmaLinux


Summary

This document outlines the procedure to reset lockbox password in Netwitness logcollector.


Approval Reviewer Queue

Technical approval queue