The service configuration files--for Decoder, Log Decoder, Broker, Concentrator, Archiver, and Workbench services-- are editable as text files. In the Service Config view > Files tab, you can:
- View and edit a service configuration file that the Security Analytics system is currently using.
- Retrieve and restore the latest backup of the file you are editing.
- Push the open file to other services.
- Save changes made to a file.
The files available to edit vary depending upon the type of service being configured. The files that are common to all Core services are:
- The service index file.
- The netwitness file.
- The crash reporter file.
- The scheduler file.
In addition the Decoder has files that configure parsers, feed definitions, and a wireless LAN adapter.
Note: The default values in these configuration files are generally good for the most common situations; however, some editing is necessary for optional services, such as the crash reporter or scheduler. Only administrators with a good understanding of the networks and the factors that affect the way services collect and parse data should make changes to these files in the Files tab.
For more detail on service configuration parameters, see Service Configuration Settings.
Edit a Service Configuration File
To edit a file:
- In the Security Analytics menu, select Administration > Services.
- In the Services grid, select a service.
- Select > View > Config.
The Service Config view is displayed with the General tab open.
- Click the Files tab.
The selected service, such as Concentrator, appears in the drop-down list on the right.
- (Optional) To edit a file for the host instead of the service, select Host in the drop-down list.
Choose a file from the Please Select A File To Edit drop-down list.
The file content is displayed in edit mode.
- Edit the file and click Save.
The current file is overwritten and a backup file is created. The changes go into effect after the service is restarted.
Revert to a Backup Version of a Service Configuration File
After you make changes to a configuration file, save the file, and restart the service, a backup file is available. To revert to a backup of a configuration file:
- To select a configuration file, follow steps 1-6 of the previous procedure.
The backup file opens in the text editor.
- To revert to the backup version, click Save.
The changes go into effect after the service is restarted.
Push a Configuration File to Other Services
Once you have edited a service configuration file, you can push the same configuration to other services of the same type.
- To select a configuration file, follow steps 1-6 in the first procedure.
- Click . The Select Services dialog is displayed.
Select each service to push the configuration file on it.
Each service must be the same type as the one you selected in the Services view.
Caution: If you decide not to push the configuration file, click Cancel.
- To push the configuration file to all selected services, click OK.
The configuration file is pushed to all selected services.