000038465 - How to export event sources list in RSA NetWitness Platform11.x

Document created by RSA Customer Support Employee on Feb 19, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038465
Applies ToRSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x
Platform: Cent OS
IssueHow to get event source list from RSA NW Platform.
TasksThis article explains how to export event sources list from RSA NetWitness Platform 11.x.
ResolutionYou can find the event sources list in Mongo Database.
  1. Connect to the NetWitness server by SSH as the root user and login to Mongo Database.

# mongo admin -u deploy_admin -p {Your_Password}

  1. You can find "eventsources" collection from "esm" database.

Note) ">" prompt indicates you are now in Mongo Database.

> use esm
> show collections

  1. Retrieve "eventsources" collection using find() function and ensure you have all event sources list from the output.

(first command shows everything condensed, and the second command is formatted)

> db.eventsources.find()
> db.eventsources.find().pretty()

  1. After then, you may use "mongoexport" command below to get all event sources with a file(eventsources.json).

# mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p netwitness --authenticationDatabase admin --db esm --collection eventsources --out /root/eventsources.json

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.