|Applies To||RSA Product Set: NetWitness Logs and Packets (Security Analytics), NetWitness NextGen (Legacy)|
RSA Version/Condition: 9.8, 10.1, 10.2, 10.3.x, 10.4.x, 10.5.x, 10.6.x, 11.x
O/S Version: 5, 6, 7
|Issue||How to download, use and update the Tech Support Data Gathering script (nwtech.sh) to provide information to the Support team for troubleshooting purposes.|
Where can I download the nwtech script?
How do I use the nwtech script?
|Resolution||Current Script Version: 2019.01.11|
1. Download the latest nwtech.sh script version linked in this solution. Do not open it in a text editor and re-save it, as this may corrupt the script. (Refer to the knowledge base article Error message '/bin/bash^M: bad interpreter: No such file or directory' when running an RSA NetWitness script for additional information.)
2. Using an scp utility (e.g. WinSCP, scp, pscp), transfer the script to your NetWitness host's /root directory.
PLEASE COPY THIS FILE TO YOUR APPLIANCE USING SCP RATHER THAN USING A WINDOWS TEXT EDITOR, AS SOME WINDOWS TEXT EDITORS DO NOT HANDLE UNIX LF'S CORRECTLY, THUS UNEXPECTED RESULTS COULD OCCUR.
3. To display help for the script, execute "./nwtech.sh -h".
4. Change permissions on the file to make it executable by running "chmod +x nwtech.sh" from an SSH session.
5. Execute the script by running "./nwtech.sh -p" or "./nwtech.sh username password". The "-p" option will prompt you for the username and password. Providing the credentials on the command line is less secure, but if your password contains certain special characters you may have to run the script this way and enclose the password in 'single quotes'. Use the credentials for your appliance services, i.e. the Decoder, Concentrator, or Broker credentials you would enter in Administrator, and not your operating system credentials, i.e. not what you use to log in via SSH. Unless -i is selected, the script may terminate if a service login failure occurs.
Note: The script will generate an output file called 'nwtech-<dateandtime>.tar.bz2' - the complete filename will be listed at the end of the script's output.
6. Use scp to copy the output file back to your PC, then either attach it to your open NetWitness support case or upload it to a secure FTP site for review by Customer Support (refer to the knowledge base article How to upload files onto the RSA Secure FTP (SFTP) site).
7. The 3 most commonly used options are:
Please see changelog file referenced in notes for further details.
For RSA NetWitness 11.x you can also use sosreport to collect evidence - see KB #000036657 - Running SOS on RSA NetWitness Version 11.x
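The line-ending corruption that steps 1 and 2 warn about can be caught on the appliance before the script is run. The following preflight check is an added example, not part of nwtech.sh or any RSA tooling; the function name preflight_script and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight check for a script copied to the appliance.
# preflight_script is a hypothetical helper, not shipped with nwtech.sh.
#
# Return codes: 0 = looks safe to execute, 1 = CR (Windows) line endings,
#               2 = first line is not an interpreter line, 3 = unreadable.
preflight_script() {
    f=$1
    [ -r "$f" ] || { echo "$f: cannot read file" >&2; return 3; }
    cr=$(printf '\r')
    # Count lines containing a carriage return. Any hit means the file was
    # saved with CRLF endings, which produces '/bin/bash^M: bad interpreter'.
    bad=$(grep -c "$cr" "$f" || true)
    if [ "$bad" -gt 0 ]; then
        echo "$f: $bad line(s) contain CR; re-download and copy with scp" >&2
        return 1
    fi
    first=$(head -n 1 "$f")
    case $first in
        '#!'*) ;;
        *) echo "$f: first line is not an interpreter line" >&2; return 2 ;;
    esac
    # Not fatal: step 4 (chmod +x) may simply not have been done yet.
    [ -x "$f" ] || echo "$f: not executable yet; run chmod +x $f" >&2
    return 0
}

# Constructed sample files standing in for a clean and a corrupted download.
demo_dir=$(mktemp -d)
printf '#!/bin/bash\necho ok\n' > "$demo_dir/clean.sh"
printf '#!/bin/bash\r\necho ok\r\n' > "$demo_dir/crlf.sh"

preflight_script "$demo_dir/clean.sh" && echo "clean.sh: OK"
preflight_script "$demo_dir/crlf.sh" || echo "crlf.sh: rejected (status $?)"
```

On the appliance, call the function with the path of the copied script (for example /root/nwtech.sh) before step 5.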
|Notes||You may submit files larger than 25MB by referring to the knowledge base article RSA NetWitness Technical Support script (nwtech.sh) output is too large to upload to a Salesforce case.|
For versions >= 10.4.x, if the -p parameter is used, once successful authentication is achieved using one of the following important services, the rest of the services will attempt to authenticate using the puppet trust model.
Click here to download the latest version of the nwtech.sh script.
Click here to view the Changelog for the nwtech.sh script.
Click here to download the curl-7.18.1-1.fc9.x86_64.rpm package for Fedora Core 9.
|Legacy Article ID||a59741|