This is a brief video explaining how to remove unnecessary services from NetWitness hosts.
Output of nodes.sh:
[19f6608b-96be-4cdc-96dc-6835ad489a03] reporting-engine saserver appliance broker ipdbextractor incident-management base
[0088aba3-614e-4c9b-93e3-b6b09148ed54] concentrator logdecoder base appliance logcollector
[5bb24498-424a-4083-a8b7-2e2211d9cb32] concentrator base appliance decoder
[5d5a5c3e-f1e7-4e37-a269-eca68780ebab] appliance base malware-analysis broker
To remove ipdbextractor:
- Stop the services
  - service puppet stop
  - stop nwipdbextractor (this takes a long time - possibly 10 minutes or more)
- Remove the service from puppet, using the addService.py script and the UUID of the SA server. (Make sure you list ALL the services you want + base, comma separated.)
  - /etc/puppet/scripts/addService.py 19f6608b-96be-4cdc-96dc-6835ad489a03 reporting-engine,saserver,appliance,broker,incident-management,base
- Remove the service from Collectd
  - rm -f /etc/collectd.d/NwIPDBExtractor.conf
- Uninstall the service
  - yum erase nwipdbextractor
- Restart Puppet Service
  - service puppet start
- Remove the Service from SA UI Service page
- Disable the IPDB extractor policy in H&W
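The addService.py step replaces the node's whole class list, so a mistyped list silently drops services you meant to keep. The helper below is an added example, not part of the original post or of NetWitness: it takes one line of nodes.sh output and the class to drop, and prints the addService.py command without running it. The function name build_addservice_cmd is hypothetical, and it assumes the input line has the "[UUID] classes" shape shown above.

```bash
#!/bin/bash
# Added example (not from the original post). Builds the addService.py command
# for a node with one service class dropped; it only prints, it changes nothing.
# Assumption: input is one line of nodes.sh output, "[UUID] class class ...".

build_addservice_cmd() {
    local line="$1" drop="$2" esc uuid classes c keep="" found=0 has_base=0
    # Strip the ANSI colour codes nodes.sh puts around the UUID.
    esc=$(printf '\033')
    line=$(printf '%s' "$line" | sed -e "s/${esc}\[[0-9;]*m//g")
    uuid=$(printf '%s' "$line" | sed -n -e 's/^\[\([0-9a-fA-F-]\{36\}\)\].*/\1/p')
    [ -n "$uuid" ] || { echo "no node UUID found in input" >&2; return 1; }
    # Accept space- or comma-separated class names after the UUID.
    classes=$(printf '%s' "$line" | sed -e 's/^\[[^]]*\]//' | tr ',' ' ')
    for c in $classes; do
        if [ "$c" = "$drop" ]; then found=1; continue; fi
        if [ "$c" = "base" ]; then has_base=1; fi
        keep="${keep:+$keep,}$c"
    done
    # Catch typos: the class to drop must actually be assigned to this node.
    [ "$found" -eq 1 ] || { echo "$drop is not assigned to $uuid" >&2; return 1; }
    # The procedure requires base to stay in the list; refuse to lose it.
    [ "$has_base" -eq 1 ] || { echo "refusing: base would be missing" >&2; return 1; }
    printf '/etc/puppet/scripts/addService.py %s %s\n' "$uuid" "$keep"
}

# Constructed sample: the SA server line from the nodes.sh output above.
SAMPLE='[19f6608b-96be-4cdc-96dc-6835ad489a03] reporting-engine saserver appliance broker ipdbextractor incident-management base'
build_addservice_cmd "$SAMPLE" ipdbextractor
```

Compare the printed command with the current class list before running it on the SA server.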
Updated 12/6/2017
nodes.sh
#!/bin/bash
# Print each puppet node UUID (in blue) followed by the service classes assigned to it.
mongoexport --csv -d puppet -c nodes -f node,classes 2>/dev/null \
  | grep -e '^"' | sed -e 's/["{}: \+]//g' -e 's/,/ /g' \
  | awk '{ printf "[\033[1;34m%s\033[0m] ", $1; for (i = 2; i <= NF; i++) printf "%s,", $i; printf "\n" }' \
  | sed -e 's/,$//g'
Thanks to John Snider for the base steps and nodes.sh script.