Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000038465 - How to export event sources list in RSA NetWitness Platform11.x

Document created by RSA Customer Support

on Feb 19, 2020

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000038465
Applies To	RSA Product Set: RSA NetWitness Platform RSA Product/Service Type: Core Appliance RSA Version/Condition: 11.x Platform: Cent OS
Issue	How to get event source list from RSA NW Platform.
Tasks	This article explains how to export event sources list from RSA NetWitness Platform 11.x.
Resolution	You can find the event sources list in Mongo Database. Connect to the NetWitness server by SSH as the root user and login to Mongo Database. # mongo admin -u deploy_admin -p {Your_Password} You can find "eventsources" collection from "esm" database. Note) ">" prompt indicates you are now in Mongo Database. > use esm > show collections Retrieve "eventsources" collection using find() function and ensure you have all event sources list from the output. (first command shows everything condensed, and the second command is formatted) > db.eventsources.find() > db.eventsources.find().pretty() After then, you may use "mongoexport" command below to get all event sources with a file(eventsources.json). # mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p netwitness --authenticationDatabase admin --db esm --collection eventsources --out /root/eventsources.json If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.

Attachments

Outcomes

0 Comments

Recommended Content