This topic provides descriptions of the Archiver configuration parameters in the Services Config view.
The tabs for an Archiver in the Services Config view provide a way to manage basic service configurations, configure aggregate services, configure log retention and storage, edit service configuration files, and configure the appliance service for an Archiver.
To access this view:
- In the Security Analytics menu, select Administration > Services.
-
In the Services grid, select an Archiver service and
> View > Config.The Services Config view for the Archiver is displayed with the General tab open.
The following are the tabs in the Archiver config view:
- General
- Data Retention
- Files
-
Appliance Service Configuration: for information on the Appliance Service Configuration tab, see the Appliance Service Configuration topic in the Host and Services Getting Started Guide.
General
The General tab contains the following sections:
- Aggregate Services
- System Configuration
- Aggregation Configuration
Aggregate Services
The Aggregate Services section provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.
The following table describes actions available in the Aggregate Services section.
| Task | Description |
|---|---|
 | Adds a Log Decoder as an aggregate service. |
 | Removes the selected aggregate service. |
 | Opens a dialog to edit Meta Fields and Filter values of the aggregate service. You can specify the type of metadata that the Archiver consumes from this service. You can also specify a rule to filter data that the Archiver consumes from this service. |
 | Enables you to enter the administrator credentials of the selected aggregate service so that it can communicate with the Archiver. |
 | Toggles the state of a service between offline and online. |
 | Starts aggregating data using the rules defined for the service. It is necessary to start aggregate service after aggregation has been stopped. |
 | Stops aggregation on the Archiver. This stops all services and flushes the index, which may take several minutes to complete. It is necessary to stop aggregate services in order to perform various administrative procedures. |
System Configuration
When you add an Archiver service, default values are in effect. RSA designed the default values to accommodate most environments and recommends that you do not edit these values because it may adversely affect performance. The following table describes the System Configuration parameters.
| Task | Description |
|---|---|
| Compression | Determines the minimum amount of bytes before a message is compressed. If set to zero, messages are not compressed. |
| Port | Determines the port used by the service. Note: If you change the port number, ensure that you restart the service. |
| SSL FIPS mode | If enabled, all the data transferred in the network will be encrypted using SSL. |
| SSL Port | Indicates the port used for encrypting using SSL. |
| Stat Update Interval | Determines how often (in milliseconds) statistic nodes are updated in the system. |
| Threads | Determines the number of threads in the thread pool to handle incoming requests. |
Aggregation Configuration
The Aggregation Configuration section contains the following sections:
- Aggregation Settings
- Service Heartbeat
Aggregation Settings
The Aggregations Settings section has the following parameters.
| Parameter | Description |
|---|---|
| Aggregate Autostart | If enabled, data aggregation will automatically restart after a service restart. |
| Aggregate Hours | Determines the maximum number of hours a service is allowed to start aggregation. |
| Aggregate Interval | Determines the minimum number of milliseconds before another round of aggregation is requested. |
| Aggregate Max Sessions | Determines the number of sessions to aggregate on each round. |
Service Heartbeat
The Service Heartbeat section has the following parameters.
| Parameters | Description |
|---|---|
| Heartbeat Error Restart | Determines the number of seconds to wait after a service error before attempting a service reconnect. |
| Heartbeat Next Attempt | Determines the number of seconds to wait before attempting a service reconnect. |
| Heartbeat No Response | Determines the number of seconds to wait before taking unresponsive service to offline. |
Data Retention
For information on the Data Retention tab for Archiver, see Data Retention Tab - Archiver.
Files
The Files tab in the Service Config view is the user interface for editing service configuration files for Archiver as text files. The files available to edit vary depending upon the type of service being configured. The files that are common to all core services are:
- The service index file
- The netwitness file
- The crash reporter file
- The scheduler file
- The feed definitions file
For more information on the Files tab, see the Files Tab topic in the Host and Services Getting Started Guide.