Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000037472 - RSA NetWitness Logs & Network: When running nw-recovery-tool on Event Stream Analysis Host, backup is failing on contexthub-server

Document created by RSA Customer Support

on Jul 8, 2019

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000037472
Applies To	RSA Product Set: NetWitness Logs & Network RSA Product/Service Type: Event Stream Analysis, Context Hub, nw-recovery-tool RSA Version/Condition: 11.1.x, 11.2.x, 11.3.x Platform: CentOS O/S Version: 7
Issue	When using nw-recovery-tool on ESAPrimary, this is failing on contexthub-server Example: # nw-recovery-tool --export --dump-dir /var/netwitness/backup --category ESAPrimary Produces the outputs: [2019-05-10T04:40:58+00:00] <23680> (INFO) Executing: before-export [1/1]... /usr/bin/nw-recovery-tool: line 88: /var/lib/netwitness/contexthub-server/nwtools/backup.sh: No such file or directory [2019-05-10T04:40:58+00:00] <23680> (INFO) contexthub-server: [failed] [2019-05-10T04:40:58+00:00] <23680> (ERROR) Failed to execute before-export step [1/1]!
Cause	There are a few possible causes: contexthub-server RPM is not installed. This can be confirmed with the following command: # rpm -q rsa-nw-contexthub-server Backup script is missing for some reason. This can be confirmed with the following command: # ls -l /var/netwitness/contexthub-server/nwtools/backup.sh Missing symbolic link from /var/lib/netwitness to /var/netwitness. This can be confirmed with the command: # ls /var/lib/netwitness -l lrwxrwxrwx. 1 root root 15 Apr 1 05:17 /var/lib/netwitness -> /var/netwitness
Workaround	If the cause is 1) or 2) then can either install the rsa-nw-contexthub-server package using yum. # yum install rsa-nw-contexthub-server Alternative 1: Specify all components except contexthub-server for backup # nw-recovery-tool --export --dump-dir /var/netwitness/backup --category ESAPrimary --component nw-base --component nw-pki --component rabbitmq --component salt-minion --component orchestration-client --component correlation-server --component esa-analytics-server --component event-stream-analysis Alternative 2: Permanently exclude Context Hub from being backed up in nw-recovery-tool Backup sequence file # cp category.sequence category.sequence.$(date +"%Y%m%d") Edit /etc/netwitness/recovery-tool/category.sequence and remove the following line: ESAPrimary:contexthub-server Then you can run the ESA backup as normal: # nw-recovery-tool --export --dump-dir /var/netwitness/backup --category ESAPrimary If the cause is 3) the missing symbolic link, then this link needs to be recreated using the command: # ln -s /var/netwitness /var/lib/netwitness
Notes	NetWitness Logs & Network v11.1 was the first version that included rsa-nw-recovery-tool RPM by default. While this error could occur under 11.0, it would require manual installation of this RPM from a later version of NetWitness.

Attachments

Outcomes

0 Comments

Recommended Content