|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics Server, Security Analytics UI
RSA Version/Condition: 10.3.x, 10.4.x
O/S Version: EL5, EL6
|Issue||At this time, the ability to export user information for system users into a readable format for auditing purposes is not available within the Security Analytics UI.|
|Tasks||This article will provide steps that explain how to query the underlying h2 database for the Security Analytics UI to list the users table.|
|Resolution||To query the h2 database on the Security Analytics server, first obtain the h2-1.2.147.jar tool (http://repo1.maven.org/maven2/com/h2database/h2/1.2.147/h2-1.2.147.jar) and transfer it to the /var/lib/netwitness/uax/db directory using your preferred file transfer tool, such as WinSCP or FileZilla.|
Alternatively, if the Security Analytics server appliance has Internet access, you can obtain the tool using the wget command with the instructions below.
The tool is placed in the /var/lib/netwitness/uax/db directory so that it is readily available whenever the h2 database for the Security Analytics UI needs to be accessed. However, using the tool against the active database instance requires the jettysrv service to be stopped, which will prevent access to the user interface. As an alternative, follow the steps below to create a copy of the database and run the query against that copy, which allows the jettysrv service to remain running.
- Connect to the appliance via SSH as the root user.
- Navigate to the appropriate directory with the following command: cd /var/lib/netwitness/uax/db
- Download the tool by issuing the following command: wget http://repo1.maven.org/maven2/com/h2database/h2/1.2.147/h2-1.2.147.jar
- Create a temporary directory for the operation with the following command: mkdir /tmp/h2
- Issue the two commands below to copy the active database and the h2-1.2.147.jar tool to the new directory.
  cp /var/lib/netwitness/uax/db/platform.h2.db /tmp/h2
  cp /var/lib/netwitness/uax/db/h2-1.2.147.jar /tmp/h2
- Navigate to the new directory with the following command: cd /tmp/h2
- Issue the command below to access the SQL prompt for the copied h2 database.
  java -cp ./h2-1.2.147.jar org.h2.tools.Shell -url jdbc:h2:file:platform
- At the prompt, issue the query below to display the contents of the USERS table within the database.
  SELECT * FROM USERS;
Although the output does not appear to be in a readable format, it can be copied and pasted into a text file so that it can be viewed more easily.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
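The copy made for this procedure holds the contents of the USERS table, so the staging directory should be private to the account running the query and removed afterwards. The script below is an added example, not part of the original article or an RSA tool: it makes the same copy into a mktemp directory under umask 077 and deletes it when the SQL prompt exits. The function names and the SA_DB_DIR, H2_JAR and TMP_BASE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not RSA's script. Defaults are the paths used in the article;
# SA_DB_DIR, H2_JAR and TMP_BASE are variable names chosen for this example.
SA_DB_DIR="${SA_DB_DIR:-/var/lib/netwitness/uax/db}"
H2_JAR="${H2_JAR:-h2-1.2.147.jar}"
TMP_BASE="${TMPDIR:-/tmp}"

# stage_h2_copy SRC_DIR JAR: copy platform.h2.db and the jar into a fresh
# directory only the current user can enter, then print that directory's path.
# The body is a subshell, so the umask change and "exit" stay inside it.
stage_h2_copy() (
    src=$1 jar=$2
    for f in platform.h2.db "$jar"; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; exit 1; }
    done
    umask 077                      # copies become 0600 whatever the source mode
    work=$(mktemp -d "$TMP_BASE/h2.XXXXXX") || exit 1
    cp "$src/platform.h2.db" "$src/$jar" "$work/" || { rm -rf "$work"; exit 1; }
    echo "$work"
)

# remove_h2_copy DIR: delete a staged copy, including the lock and trace files
# H2 writes beside the database. Only directories made by stage_h2_copy qualify.
remove_h2_copy() (
    case $1 in
        *..*) echo "refusing to remove $1" >&2; exit 1 ;;
        "$TMP_BASE"/h2.??????) rm -rf -- "$1" ;;
        *) echo "refusing to remove $1" >&2; exit 1 ;;
    esac
)

# With the argument "run": stage the copy, open the article's SQL prompt on it,
# and remove the copy when the shell exits. Without it, only define functions.
if [ "${1:-}" = "run" ]; then
    work=$(stage_h2_copy "$SA_DB_DIR" "$H2_JAR") || exit 1
    trap 'remove_h2_copy "$work"' EXIT
    cd "$work" || exit 1
    java -cp "./$H2_JAR" org.h2.tools.Shell -url jdbc:h2:file:platform
fi
```

Run the script as root with the single argument run, then issue the same SELECT * FROM USERS; query at the prompt.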
|Notes||The screenshot below provides a demonstration of the procedure mentioned above.|