Archiver: Services Config View - Archiver

Document created by RSA Information Design and Development on Jul 21, 2016Last modified by RSA Information Design and Development on Jul 21, 2016
Version 2Show Document
  • Comment0
  • View in full screen mode
 

This topic provides descriptions of the Archiver configuration parameters in the Services Config view.

The tabs for an Archiver in the Services Config view provide a way to manage basic service configurations, configure aggregate services, configure log retention and storage, edit service configuration files, and configure the appliance service for an Archiver.

To access this view: 

  1. In the Security Analytics menu, select Administration > Services.

  2. In the Services grid, select an Archiver service and ic-actns.png > View > Config.

    The Services Config view for the Archiver is displayed with the General tab open.

105ArcServCon.png

The following are the tabs in the Archiver config view:

  • General
  • Data Retention
  • Files

  • Appliance Service Configuration: for information on the Appliance Service Configuration tab, see the Appliance Service Configuration topic in the Host and Services Getting Started Guide.

General

The General tab contains the following sections:

  • Aggregate Services
  • System Configuration
  • Aggregation Configuration

Aggregate Services

The Aggregate Services section provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.

ArcCfgAggSrv.png

The following table describes actions available in the Aggregate Services section.

                                        
TaskDescription
                    add_icon.pngAdds a Log Decoder as an aggregate service.
                    delete_icon.pngRemoves the selected aggregate service.
                    icon-edit.pngOpens a dialog to edit Meta Fields and Filter values of the aggregate service. You can specify the type of metadata that the Archiver consumes from this service. You can also specify a rule to filter data that the Archiver consumes from this service.
  ic-editsrv.pngEnables you to enter the administrator credentials of the selected aggregate service so that it can communicate with the Archiver.
  ic-toggleSrv.pngToggles the state of a service between offline and online.
 Icon-Start_Aggregation.pngStarts aggregating data using the rules defined for the service. It is necessary to start aggregate service after aggregation has been stopped.
StopAggr.png Stops aggregation on the Archiver. This stops all services and flushes the index, which may take several minutes to complete. It is necessary to stop aggregate services in order to perform various administrative procedures.

System Configuration

ArcCfgSysCfg.png

When you add an Archiver service, default values are in effect. RSA designed the default values to accommodate most environments and recommends that you do not edit these values because it may adversely affect performance. The following table describes the System Configuration parameters.

                                    
TaskDescription
CompressionDetermines the minimum amount of bytes before a message is compressed. If set to zero, messages are not compressed.
PortDetermines the port used by the service.

Note: If you change the port number, ensure that you restart the service.

SSL FIPS modeIf enabled, all the data transferred in the network will be encrypted using SSL.
SSL PortIndicates the port used for encrypting using SSL.
Stat Update IntervalDetermines how often (in milliseconds) statistic nodes are updated in the system.
ThreadsDetermines the number of threads in the thread pool to handle incoming requests.

Aggregation Configuration

ArcCfgAggCfg.png

The Aggregation Configuration section contains the following sections:

  • Aggregation Settings
  • Service Heartbeat

Aggregation Settings

The Aggregations Settings section has the following parameters.

                         
ParameterDescription
Aggregate AutostartIf enabled, data aggregation will automatically restart after a service restart.
Aggregate HoursDetermines the maximum number of hours a service is allowed to start aggregation.
Aggregate IntervalDetermines the minimum number of milliseconds before another round of aggregation is requested.
Aggregate Max SessionsDetermines the number of sessions to aggregate on each round.

Service Heartbeat

The Service Heartbeat section has the following parameters.

                     
ParametersDescription
Heartbeat Error RestartDetermines the number of seconds to wait after a service error before attempting a service reconnect.
Heartbeat Next AttemptDetermines the number of seconds to wait before attempting a service reconnect.
Heartbeat No ResponseDetermines the number of seconds to wait before taking unresponsive service to offline.

Data Retention

For information on the Data Retention tab for Archiver, see Data Retention Tab - Archiver.

Files

The Files tab in the Service Config view is the user interface for editing service configuration files for Archiver as text files. The files available to edit vary depending upon the type of service being configured. The files that are common to all core services are:

  • The service index file
  • The netwitness file
  • The crash reporter file
  • The scheduler file
  • The feed definitions file

For more information on the Files tab, see the Files Tab topic in the Host and Services Getting Started Guide.

You are here: References > Services Config View - Archiver

Attachments

    Outcomes

      Visibility: RSA Security Analytics 10.6.1106 Views
      Last modified on Jul 21, 2016 12:23 PM
      Ratings: