Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

EP Agent Install 11.5: Deploy and Verify Endpoint Agents

Document created by RSA Information Design and Development Employee on Sep 8, 2020Last modified by RSA Information Design and Development Employee on Sep 9, 2020
Version 2Show Document
  • View in full screen mode
 

This section provides instruction on how to deploy and verify agents.

Note: By default, the agent is installed in the Insights mode. Depending on the policy assigned, the agent can operate in Insights or Advanced mode. Make sure you review the policy before deploying the agent. For more information, see NetWitness Endpoint Configuration Guide.

Deploying Agents (Windows)

To deploy the agent, run the nwe-agent-package.exe file on the hosts you want to monitor.

Verifying Windows Agents

After deploying the Windows agents, you can verify if a Windows agent is running by using any of the following methods:

  • Using the NetWitness UI

    The Hosts view contains the list of all hosts with an agent. You can look for the host name on which the agent is installed.

    Note: Click Hosts or press F5 to refresh the list for latest data.

  • Using Task Manager

    Open Task Manager and look for service name that you configured while generating the agent packager on the host machine.

  • Using Services.msc

    Open Services.msc in run and look for the service name that you configured while generating the agent packager on the host machine.

Deploying Agent (Linux)

To deploy the agent on the hosts you want to monitor:

RPM based Linux

Run the nwe-agent.i686.rpm (for 32-bit) or nwe-agent.x86_64.rpm (for 64-bit) file. To run the command, open Terminal on the Linux machine and run the following command as root:

rpm -iv <installer file name>.rpm

For example, using the default installer file names, you can enter one of the following commands:

rpm -iv nwe-agent.i686.rpm (for i386 architecture)

rpm -iv nwe-agent.x86_64.rpm (for x84_64 architecture)

Note: To upgrade RPM based Linux agents, run rpm -Uvh nwe-agent.i686.rpm or rpm -Uvh nwe-agent.x86_64.rpm.

 

Debian based Linux

Run the nwe-agent.i686.deb (for 32-bit) or nwe-agent.x86_64.deb (for 64-bit) file. To run the command, open Terminal on the Linux machine and run the following command as root:

dpkg -i <installer file name>.deb

For example, using the default installer file names, you can enter one of the following commands:

dpkg -i nwe-agent.i686.deb (for i386 architecture)

dpkg -i nwe-agent.x86_64.deb (for x84_64 architecture)

(Enter the administrator password when prompted.)

Note: To upgrade Debian based Linux agents, run dpkg -i nwe-agent.i686.deb or dpkg -i nwe-agent.x86_64.deb.

Verifying Linux Agents

After deploying the Linux agents, you can verify if a Linux agent is running by using any of the following methods:

  • Using the NetWitness UI

    The Hosts view contains the list of all hosts with an agent.

    Note: Click Hosts or press F5 to refresh the list for latest data.

  • Using Command Line

    Run the following command to get the PID:

    pgrep nwe-agent

  • To check the NetWitness Endpoint version, run the following command:

    cat /opt/rsa/nwe-agent/config/nwe-agent.config | grep version

Deploying Agent (Mac)

To deploy the agent, run the nwe-agent.pkg file on the hosts you want to monitor.

Verifying Mac Agents

After deploying the Mac agents, you can verify if a Mac agent is running by using any of the following methods:

  • Using the NetWitness UI

    The Hosts view contains the list of all hosts with an agent.

    Note: Click Hosts or press F5 to refresh the list for the latest data.

  • Using Activity Monitor

    Open Activity Monitor (/Applications/Utilities/Activity Monitor.app) and look for NWEAgent.

  • Using Command Line

    Run the following command to get the PID

    pgrep NWEAgent

  • To check the NetWitness Endpoint version, run the command:

    grep a /var/log/system.log | grep NWEAgent | grep Version

Next Topic:Uninstall Agents
You are here
Table of Contents > Deploy and Verify Agents

Attachments

    Outcomes