RSA NetWitness Storage Retention Script

Written by Admin | Apr 27, 2020 4:00:00 AM

Although the RSA NetWitness platform gives administrators visibility into system metrics through the Health & Wellness Systems Stats Browser, we currently have no way to see storage and retention across our entire deployment in a single view.

Below you will find several scripts that will help us gain this visibility quickly and easily.

Update: Please grab the latest version of the script; some bugs were discovered and have been fixed.

How It Works:

1. Dependency: get-all-systems.sh (attached, in both v10 and v11 versions; use the one for your environment). Please run this script before running get-retention.py, which requires the 'all-systems' file containing all of your appliances and services.

2. We then read through the all-systems file and look for services that have retention, e.g. EndpointLogHybrid, EndpointHybrid, LogHybrid, LogDecoder, Decoder, Concentrator, Archiver.

3. Finally, we use the 'tlogin' functionality of NwConsole, which allows cert-based authentication, to pull database statistics and output the retention (in days) for that particular service. Because of this, there is no need to run the script with a username/password as input.
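As an added illustration of steps 2 and 3 (this is not the attached get-retention.py), the sketch below filters an inventory for the retention-bearing service types and turns each service's oldest-record timestamp into retention in days. The comma-separated `type,hostname,ip` layout, the host names, and treating retention as the age of the oldest record are assumptions; the NwConsole collection step is not reproduced.

```python
import csv
import io
from datetime import datetime, timezone

# Service types the post lists as having retention (compared in lower case).
RETENTION_TYPES = {"endpointloghybrid", "endpointhybrid", "loghybrid",
                   "logdecoder", "decoder", "concentrator", "archiver"}

# Constructed sample; the "type,hostname,ip" layout is an assumption.
SAMPLE_ALL_SYSTEMS = """\
# constructed sample inventory
AdminServer,nw-node0,10.0.0.10
LogDecoder,nw-ld01,10.0.0.21
Concentrator,nw-con01,10.0.0.31
Broker,nw-brk01,10.0.0.41
archiver,nw-arc01,10.0.0.51
"""

def retention_hosts(text):
    """Return (type, hostname, ip) for services that hold retention."""
    hosts = []
    for row in csv.reader(io.StringIO(text)):
        row = [field.strip() for field in row]
        if len(row) < 3 or row[0].startswith("#"):
            continue  # skip blank lines, comments and short lines
        # Exact, case-insensitive match on the whole service type.
        if row[0].lower() in RETENTION_TYPES:
            hosts.append((row[0], row[1], row[2]))
    return hosts

def retention_days(oldest, now):
    """Age in days of the oldest record; None if the stat is missing."""
    if oldest is None:
        return None
    return round((now - oldest).total_seconds() / 86400, 1)

def report(text, oldest_by_host, now):
    """Map hostname -> retention in days for every retention service."""
    return {host: retention_days(oldest_by_host.get(host), now)
            for _type, host, _ip in retention_hosts(text)}

if __name__ == "__main__":
    now = datetime(2020, 4, 27, tzinfo=timezone.utc)
    oldest = {"nw-ld01": datetime(2020, 3, 28, tzinfo=timezone.utc),
              "nw-con01": datetime(2020, 1, 28, 12, tzinfo=timezone.utc)}
    for host, days in report(SAMPLE_ALL_SYSTEMS, oldest, now).items():
        print(host, "no stats" if days is None else f"{days} days")
```

A host that returns no statistics (here the constructed nw-arc01) is reported as missing rather than as zero days, so an unreachable service is not mistaken for one with no retention.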

Instructions:

1. Run ./get-all-systems_v10.sh (for 10.x systems) or ./get-all-systems_v11.sh (for 11.x systems)

    NOTE: Make sure to grab the 11.4 version of the backup scripts if you are running NetWitness 11.4+

2. Run ./get-retention.py (without any arguments). This MUST be run from Puppetmaster (v10) or Node0 (v11).

Sample Run: 

Please feel free to provide feedback, bug reports, etc.