Removing Unnecessary Services

Written by Admin | Oct 4, 2016 4:00:00 AM

This is a brief video explaining how to remove unnecessary services from NetWitness hosts.

Output of nodes.sh

[19f6608b-96be-4cdc-96dc-6835ad489a03] reporting-engine saserver appliance broker ipdbextractor incident-management base

[0088aba3-614e-4c9b-93e3-b6b09148ed54] concentrator logdecoder base appliance logcollector

[5bb24498-424a-4083-a8b7-2e2211d9cb32] concentrator base appliance decoder

[5d5a5c3e-f1e7-4e37-a269-eca68780ebab] appliance base malware-analysis broker

To remove ipdbextractor:

  • Stop the services
    • service puppet stop
    • stop nwipdbextractor (this takes a long time - possibly 10 minutes or more)
  • Remove the service from Puppet, using the addService.py script and the UUID of the SA server. Make sure you list ALL the services you want to keep, plus base, comma separated.
    • /etc/puppet/scripts/addService.py 19f6608b-96be-4cdc-96dc-6835ad489a03 reporting-engine,saserver,appliance,broker,incident-management,base
  • Remove the service from Collectd
    • rm -f /etc/collectd.d/NwIPDBExtractor.conf
  • Uninstall the service
    • yum erase nwipdbextractor
  • Restart Puppet Service
    • service puppet start
  • Remove the service from the SA UI Service page
  • Disable the IPDB extractor policy in Health & Wellness (H&W)
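
The class list passed to addService.py in the steps above has to name every service that stays on the host, plus base. The following is an added example, not part of the original post or of the NetWitness tooling: it derives that list from one line of nodes.sh output and only prints the resulting command so it can be reviewed before it is run. The function names (node_uuid, node_classes, removal_command) are hypothetical; the sample line is the SA server line from the output above.

```sh
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Builds the addService.py command for one node from a line of nodes.sh output
# and only prints it, so the class list can be reviewed before it is run.

ESC=$(printf '\033')

# Print the UUID found between the brackets (ANSI colour codes stripped).
node_uuid() {
  printf '%s\n' "$1" | sed -e "s/${ESC}\[[0-9;]*m//g" -e 's/^\[\([^]]*\)\].*/\1/'
}

# Print the node's classes one per line; accepts space- or comma-separated lists.
node_classes() {
  printf '%s\n' "$1" |
    sed -e "s/${ESC}\[[0-9;]*m//g" -e 's/^\[[^]]*\] *//' |
    tr ', ' '\n\n' | sed '/^$/d'
}

# removal_command "<nodes.sh line>" <class-to-drop>
removal_command() (
  line=$1 drop=$2
  classes=$(node_classes "$line")
  if [ "$drop" = base ]; then
    echo "refusing: base must stay in the class list" >&2; exit 1
  fi
  # The class must currently be assigned, otherwise the UUID or name is wrong.
  if ! printf '%s\n' "$classes" | grep -qxF -- "$drop"; then
    echo "refusing: $drop is not assigned to this node" >&2; exit 1
  fi
  keep=$(printf '%s\n' "$classes" | grep -vxF -- "$drop" | paste -sd, -)
  case ",$keep," in
    *,base,*) ;;
    *) echo "refusing: base missing from remaining classes" >&2; exit 1 ;;
  esac
  printf '/etc/puppet/scripts/addService.py %s %s\n' "$(node_uuid "$line")" "$keep"
)

# SA server line as shown in the post's nodes.sh output
SA_LINE='[19f6608b-96be-4cdc-96dc-6835ad489a03] reporting-engine saserver appliance broker ipdbextractor incident-management base'
removal_command "$SA_LINE" ipdbextractor
```

For the SA server line this prints the same addService.py command as the step above; a class that is not assigned to the node, or a list that would lose base, is rejected instead.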

Updated 12/6/2017

nodes.sh 

#!/bin/bash
# List each Puppet node UUID (in blue) followed by the service classes assigned to it
mongoexport --csv -d puppet -c nodes -f node,classes 2>/dev/null | grep -e '^"' |
  sed -e 's/["{}: \+]//g' -e 's/,/ /g' |
  awk '{ printf "[\033[1;34m%s\033[0m] ", $1; for (i = 2; i <= NF; i++) printf "%s,", $i; printf "\n" }' |
  sed -e 's/,$//g'

Thanks to John Snider for the base steps and nodes.sh script.