How to retrieve historical info on every RSA NetWitness appliance for debug purposes
Issue
Besides the Health and Wellness monitoring section available from the RSA NetWitness Platform UI, it may sometimes be useful to retrieve important historical info such as Memory, CPU, disks IO, Swap and network traffic directly from CentOS CLI using SAR.
Tasks
CentOS provides by default a cron job, /etc/cron.d/sysstat, that populates /var/log/sa/ with these system statistics and keeps them for a month. Using the sar command available on every Security Analytics appliance, the loops below extract the information from those files, most recent first.
Resolution
MEMORY
for i in $(ls -t /var/log/sa/sa[0-9]*); do sar -r -f "$i"; done > sar_debug_memory.log
SWAP
for i in $(ls -t /var/log/sa/sa[0-9]*); do sar -S -f "$i"; done > sar_debug_Swap.log
CPU
for i in $(ls -t /var/log/sa/sa[0-9]*); do sar -u -f "$i"; done > sar_debug_cpu.log
Disks IO
for i in $(ls -t /var/log/sa/sa[0-9]*); do sar -b -f "$i"; done > sar_debug_IO.log
NETWORK (all NICs)
for i in $(ls -t /var/log/sa/sa[0-9]*); do sar -n DEV -f "$i"; done > sar_debug_Network.log
The glob sa[0-9]* matches every daily binary file (sa01 through sa31) while skipping the text sarDD files; a pattern such as sa[0-1]* would silently leave out days 20 to 31. For the CPU report, -u is the explicit flag (sar -p only pretty-prints device names and otherwise falls through to the same default CPU report).
The commands create sar_debug_memory.log, sar_debug_Swap.log, sar_debug_cpu.log, sar_debug_IO.log and sar_debug_Network.log respectively; view them with an editor such as vi (the path below assumes the commands were run from /root):
vi /root/sar_debug_Network.log
Note the Average line at the end of each day's report; it summarises that whole day rather than a single sampling interval.
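The following script is an added example, not part of the RSA article or of the NetWitness product. It wraps the collection loop above in reusable functions (the sa_files_newest_first and collect_sar names, and the default /var/log/sa directory, are assumptions) and shows how to pull the per-day Average row out of a saved report by column name, so the daily figure can be compared across days. The two-day sar -r output embedded in sample_memory_report is constructed so the parsing runs without a real /var/log/sa.

```shell
#!/bin/sh
# Added example (not from the RSA article). Function names, the default directory and
# the sample report are assumptions/constructed data.

# Sysstat binary files for DIR, newest first. sa[0-9]* covers saDD (and the saYYYYMMDD
# names newer sysstat can use) while skipping the text sarDD files.
sa_files_newest_first() {
    ls -t "${1:-/var/log/sa}"/sa[0-9]* 2>/dev/null
}

# Run one sar report type (FLAGS such as -r, -S, -u, -b or "-n DEV") over every file,
# newest first, writing to OUT. Returns 1 if the sysstat package is not installed.
collect_sar() {
    flags="$1"; out="$2"; dir="${3:-/var/log/sa}"
    command -v sar >/dev/null 2>&1 || { echo "sar not found; install the sysstat package" >&2; return 1; }
    : > "$out"
    for f in $(sa_files_newest_first "$dir"); do
        sar $flags -f "$f" >> "$out"      # $flags is word-split on purpose ("-n DEV")
    done
}

# Print column NAME (e.g. %memused) from every "Average:" line of a text sar report FILE.
# The header row has one extra leading field when the locale prints AM/PM, so the column
# is located by its distance from the last field, which header and Average rows share.
sar_average_column() {
    awk -v col="$2" '
        !/^Average:/ { for (i = 1; i <= NF; i++) if ($i == col) { from_end = NF - i; seen = 1 }; next }
        seen { print $(NF - from_end) }
    ' "$1"
}

# Highest daily average for column NAME in FILE (e.g. the worst %memused day on record).
sar_peak_average() {
    sar_average_column "$1" "$2" | sort -n | tail -n 1
}

# Constructed two-day "sar -r" output in the CentOS 7 (sysstat 10) layout, newest day first.
sample_memory_report() {
    cat <<'EOF'
Linux 3.10.0-1160.el7.x86_64 (nwappliance)      03/02/2024      _x86_64_        (8 CPU)

12:00:01 AM kbmemfree kbmemused  %memused kbbuffers  kbcached  kbcommit   %commit  kbactive   kbinact   kbdirty
12:10:01 AM   1234567  31234567     96.20    123456  20000000  25000000     40.00  15000000   8000000      1200
12:20:01 AM   1100000  31369134     96.61    123000  20100000  25100000     40.20  15100000   8000000      1150
Average:      1167283  31301850     96.41    123228  20050000  25050000     40.10  15050000   8000000      1175

Linux 3.10.0-1160.el7.x86_64 (nwappliance)      03/01/2024      _x86_64_        (8 CPU)

12:00:01 AM kbmemfree kbmemused  %memused kbbuffers  kbcached  kbcommit   %commit  kbactive   kbinact   kbdirty
12:10:01 AM   2000000  30469134     93.84    130000  19500000  24000000     38.40  14500000   7800000      1000
12:20:01 AM   1800000  30669134     94.46    129000  19600000  24100000     38.60  14600000   7800000       980
Average:      1900000  30569134     94.15    129500  19550000  24050000     38.50  14550000   7800000       990
EOF
}

# Stand-alone run ("sh script.sh demo"): list the daily averages from the sample report.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    sample_memory_report > "$tmp"
    echo "Daily average %memused (newest first):"; sar_average_column "$tmp" "%memused"
    echo "Peak: $(sar_peak_average "$tmp" "%memused")"
    rm -f "$tmp"
fi
```

On a real appliance, collect_sar -r sar_debug_memory.log followed by sar_average_column sar_debug_memory.log %memused gives one line per day, which is quicker to scan than the full ten-minute samples when looking for the day a memory problem started. Locating the column by name rather than by position keeps the parser working across sysstat versions that insert extra columns such as kbavail.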
For more information about the columns and options, consult the sar man page (man sar).
Product Details
RSA Product Set: Security Analytics, NetWitness Logs & Network
RSA Product/Service Type: Health & Wellness, Security Analytics Server, Core Services
Platform: CentOS
Summary
Besides the Health and Wellness monitoring section available from the SA UI, it can sometimes be useful to retrieve important historical info such as Memory, CPU, disk IO, Swap and network traffic directly from the CentOS CLI using sar.