000026404 - How to monitor a SAW cluster in RSA Security Analytics using the RSA SAW Monitor Tool

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026404
Applies ToRSA Security Analytics
RSA Security Analytics 10.2
RSA Security Analytics 10.3
RSA Security Analytics Warehouse
RSA Security Analytics Server
IssueHow to monitor a SAW cluster in RSA Security Analytics using the RSA SAW Monitor Tool.
How do I use the RSA SAW Monitor Tool to monitor my SAW cluster?

To download and utilize the RSA SAW Monitor Tool, follow the steps below.

1. Download and unzip the file RSASAWMonitorTool_v01.zip and copy the directory "RSASAWMonitorTool_v01" to the Security Analytics server appliance.
2. This tool will generate the log file jmxtool.log and hence it would be better to place this directory on the volume where enough disk space is available.
3. Make sure you have configured the "source.json" file.
Enter the SAW node IPs under "data" in the config file "source.json" as shown below,
"data": {
                        "host": [

[Make sure the commas and Inverted marks are there]
[The above config is for 3-node cluster. In case of 4 node cluster, you will have to configure 4 IP Addresses above]

Enter the Mail configuration under "mailNotifier" as below,
 "mailNotifier": {
                                "subject"   : "RSA SAW Monitoring Tool Notification",
                                                "mail.smtp.starttls.enable": "true",
                                                "mail.smtp.host": "X.X.X.X",
                                                "mail.smtp.user": "sender@domain.local",
                                                "mail.smtp.password": "password",
                                                "mail.smtp.port": "25",
                                                "mail.smtp.auth": "false"
                                "mailTo" : [ "test@domain.com","test1@domain.com"]

[Configure the appropriate settings above and the recipient mail Ids in the last]
4. Once the source.json file is configured, you can start the service by,
# java -jar RSASAWMonitorTool.jar 2>&1 &
[This process runs in the backend]
5. At any time, if you want to kill this process, do as below,
# ps -aef | grep RSASAWMonitorTool.jar | grep -v grep
root     15946  8548  0 May01 pts/0    00:04:11 java -jar RSASAWMonitorTool.jar

The one marked in red above is the PID and you can kill it as below,
# kill -9 15946
6. once you start the process as above, it will monitor the SAW nodes that you have configured in the source.json and sends mail alerts whenever any node is down or not responding.


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa66192