Skip to content
  • There are no suggestions because the search field is empty.

NetWitness How To properly shutdown a NetWitness Appliance

Issue

There are circumstances when it is required to shutdown an appliance. These can be RMA replacement, Datacenter move, among others.

Resolution

  1. Navigate to Admin > Services > Click on Gear under Actions column > View > Config page of installed service on the host
  2. Stop Aggregation/Capture
Stop Aggregation in case the installed service is one of : Broker, Concentrator, Archiver
Stop Capture in case of Log/Packet Decoder
  1. SSH to the Host and stop all the services: (Ex: nwappliance, nwbroker, nwconcentrator, nwlogdecoder, nwlogcollector, nwdecoder, collectd, mongod, rsasoc_re, nwarchiver, rsa-nw-endpoint-server)
#systemctl stop <Service Name>
  1. Shutdown the OS and power off the appliance:
#shutdown -h now
  1. If the appliance did not power off after the shutdown command, press the power Button to shut it down
Note: Complete the following steps If there is an attached External Storage:
  1. Wait at least 5 minutes and confirm that all disk activity on the PowerVault has ended. Monitor the LED lights on the PowerVault to confirm disk I/O activity has ceased.
  2. Power off any connected PowerVault

Notes

When you are starting the Appliance again : 

1. Turn on the power to each PowerVault and allow it to power up.
2. Turn on the power to the appliance and allow it to boot.

Product Details

NetWItness Product Set: Security Analytics, NetWitness
NetWItness Product/Service Type: NW Platform
NetWItness Version/Condition: 11.x, 12.x
Platform: CentOS 7 / Alma

Approval Reviewer Queue

Technical approval queue