|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Decoder, Log Decoder, Concentrator, Hybrid, Broker, Security Analytics Server
|Issue||How to change the IP address of an RSA Security Analytics appliance.|
How do I change the IP address on my Security Analytics device?
How can I change the IP address on a NetWitness appliance?
To change the IP address of an RSA Security Analytics appliance, follow the steps below.
1. Typically there are multiple interfaces on each SA host. IStart by identifying what ip addresses are configured by typing the ifconfig -a command, which will list all of the interfaces that are configured. Below is a sample, noting the device name itself may differ:
2. In the above listing, I have 2 interfaces (eth0 and eth1) and a loopback configured (loopback is always configured and is a logical vs physical reserved interface). This example demonstrates changing the ip address for eth0.
3. Edit the ethernet configuration script for eth0 (ifcfg-eth0) using the VI editor.
4. The configuration file network, located in /etc/sysconfig, typically contains the default gateway for the host. If your default gateway is also changing, change the gateway entry in the network file. (backup network before editing by issueing the following command: cp network network.<today's_date>)
5. The /etc/hosts file can contain the devices' IP address, for example:
6. When ready, reboot the host by issuing the following command: shutdown -r now
|Notes||IP address changes are performed from the command line by the root account. Basic Linux system administration skills are needed, and system administration best practices should always be used. When changing the IP addresses, it is extremely advisable to be on the system console.|
The RSA Security Analytics software and product licenses are not tied to a specific IP address. Furthermore, the IP address of a specific device is not embedded in any Security Analytics software configuration files that would prevent the product processes from starting or otherwise not be operational. An IP address change is only configured at the OS level. However, if a specific device was added using its IP address vs its FQDN, the device's IP address will need to be modified in the Security Analytics UI before it will become operational again.
This document does not provide the procedure for that change. Other considerations include IP address changes should only be done during scheduled maintenence windows. DNS PTR record changes should me made as close to the time of the systems physical IP address change as possible.
|Legacy Article ID||a65556|