
RSA NetWitness Global audit logging configuration not reflecting with new changes

Issue

Global audit logging was configured by following the NW Cfg: Configure Global Audit Logging document. However, logging does not work as configured.


Cause

Checking the configuration files on the Admin server in a PuTTY session shows that they do not reflect the latest configuration applied. When a configuration is applied in the GUI, the change should be reflected in the rsa-audit-server-output.conf file on the same date.

cd /etc/logstash/conf.d/
[root@AdminServer conf.d]# ls -l
total 8
-rw-r-----. 1 logstash logstash  412 Apr 13  2019 rsa-audit-server.conf
-rw-r-----. 1 logstash logstash 1369 Oct 24  2019 rsa-audit-server-output.conf

Resolution

Follow the steps below so that the configuration files reflect the latest changes.
  1. Log in to the NetWitness ADMIN server using PuTTY.
  2. Run the command below.
    # orchestration-cli-client --update-admin-node
  3. Once the above command has completed successfully, verify the contents of the /etc/logstash/conf.d/rsa-audit-server-output.conf file to confirm that it contains the latest configuration.
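
One way to script the check in the Cause section and the verification in step 3, as an added example that is not part of the RSA article. The function names are hypothetical, the reference time is whatever the operator knows as the moment the change was applied in the GUI, and GNU coreutils (as on CentOS 7) is assumed.

```shell
#!/bin/sh
# Added example: staleness and change check for the Logstash audit output file.
# The path is the one shown in the article; function names are hypothetical.
CONF=/etc/logstash/conf.d/rsa-audit-server-output.conf

# Print "<mtime-epoch> <sha256>" for a file; return 2 if it cannot be read.
conf_fingerprint() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    printf '%s %s\n' "$(stat -c %Y "$1")" "$(sha256sum "$1" | cut -d' ' -f1)"
}

# Return 0 (stale) when the file was last modified before the time in $2.
# $2 is any string GNU date accepts, e.g. "2020-03-01 10:00" (constructed).
conf_is_stale() {
    applied=$(date -d "$2" +%s) || return 2
    mtime=$(stat -c %Y "$1") || return 2
    [ "$mtime" -lt "$applied" ]
}

# Return 0 when two fingerprints differ, i.e. the file was rewritten.
conf_changed() {
    [ "$1" != "$2" ]
}

# Usage on the Admin server, as root:
#   conf_is_stale "$CONF" "2020-03-01 10:00" && echo "file predates GUI change"
#   before=$(conf_fingerprint "$CONF")
#   orchestration-cli-client --update-admin-node
#   after=$(conf_fingerprint "$CONF")
#   conf_changed "$before" "$after" && echo "output file regenerated"
```

Comparing the hash as well as the modification time separates a file that was only touched from one whose contents were actually regenerated.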

Product Details

RSA Product Set: RSA NetWitness Logs & Network
RSA Product/Service Type: Head Unit/ NetWitness Server
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7

Summary

This document outlines the procedure to reflect Global audit logging configurations in configuration files.

