Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Export Connector Install: Configuration Process

Document created by RSA Information Design and Development Employee on Oct 15, 2020
Version 1Show Document
  • View in full screen mode
 

The following flowchart describes the steps to configure NetWitness Export Connector.

VM Sizing Recommendations

It is recommended to install the Logstash and the NetWitness Export Connector in an independent VM (Virtual Machine) deployment. Following are the requirements for different variations of EPS (Events Per Second).

Total VM Memory: Set an additional 4GB memory for the JVM (Java Virtual Machine) memory mentioned in the following table for the respective EPS. For Example, for 5K EPS, the JVM memory required is 4GB, the total VM memory must be set to 8 GB.

JVM Memory: The Xms and Xmx for the Logstash service must be set to the same value as shown in the table. You can update the JVM settings for Logstash in the /etc/logstash/jvm.options file. For more information, see JVM Settings documentation.

For more info, https://www.elastic.co/guide/en/logstash/7.x/jvm-settings.html

vCPUs: The vCPUs values that are shown is required only for NetWitness Export Connector to be functional for respective EPS. It is recommended to add extra 4 CPUs for other OS (Operating System) services. The recommended vCPU specifications for all the EPS listed in the following tables are:
Intel Xeon CPU @2.6 Ghz.

Note: The above recommendations is valid only if the VM instance is completely dedicated for Logstash deployment.
The resources consumption is dependent on cumulative EPS irrespective of number of sources. For Example, if you have three Decoders of 5000 EPS each, the cumulative EPS is 15000 as a result we can use the sizing option of 15000 EPS instead of 5000 EPS 3 times.

Log Decoder

  • Metadata over SSL (~50 meta keys)
                                                
EPSvCPUsJVM Memory
50004

4 GB

1000044 GB
150008

8 GB

2000088 GB
2500014

12 GB

3000014

12 GB

600001632 GB
  • Metadata over SSL (~140 meta keys)
                                           
EPSvCPUsJVM Memory
50008

4 GB

10000114 GB
1500014

8 GB

200001712 GB
2500019

16 GB

300001916 GB
  • Meta data and raw logs over SSL (~50 meta keys)
                                                
EPSvCPUsJVM Memory
50004

4 GB

1000084 GB
1500010

8 GB

200001212 GB
2500015

24 GB

3000018

24 GB

60000

23

48 GB

  • Meta data and raw logs over SSL (~140 meta keys)
                                           
EPSvCPUsJVM Memory
50008

4 GB

10000108 GB
1500017

10 GB

200001916 GB
25000

20

32 GB

30000

20

32 GB

Network Decoder

  • Meta data over SSL
                                                     
EPSvCPUsJVM Memory
500 Mbps4

2 GB

1 Gbps42 GB
1.5 Gbps8

4 GB

2 Gbps84 GB

3.4 Gbps

12

8 GB

6 Gbps (10G Decoder)12

24 GB

8 Gbps

15

32 GB

9.4 Gbps15

48 GB

Previous Topic:Overview
Next Topic:Install Logstash
You are here
Table of Contents > Configuration Process

Attachments

    Outcomes