Host GS: Add and Delete a Filesystem Monitor

Document created by RSA Information Design and Development on Jul 21, 2016
Version 1Show Document
  • View in full screen mode
 

When you want a service to monitor traffic on a specific file system, you can select the service and then specify the path. Security Analytics adds a file system monitor. Once a file system monitor is added to a service, the service continues to monitor traffic on that path until the file system monitor is deleted.

Configure the Filesystem Monitor

  1. In the Security Analytics menu, select Administration >Services.
  2. In the Services grid, select a service and Actns.png > View > System
    The System view for the service is displayed.
  3. In the Services System view toolbar, click Host Tasks.
  4. In the Host Task List, select Add Filesystem Monitor.
    In the Info area, a brief explanation of the task and the task arguments is displayed.

    AddFlSysMntr.png
  5. To identify the filesystem to monitor, type the path in the Arguments field. For example:
    path=/var/netwitness/decoder/packetdb
  6. Click Run.
    The result is displayed in the Output area. The service begins to monitor the file system and continues to monitor it until you delete the filesystem monitor.

Delete a Filesystem Monitor

  1. Navigate to the Host Task List dialog.
  2. In the Host Task List, select Delete Filesystem Monitor.
    In the Info area, a brief explanation of the task and the task arguments is displayed.

    DelFlSysMntr.png
  3. To identify the filesystem to stop monitoring, type the path in the Arguments field. For example:
    path=/var/netwitness/decoder/packetdb
  4. Click Run.
    The result is displayed in the Output area. The service stops monitoring the file system.
You are here: Host Procedures from the Task List Dialog > Add and Delete a Filesystem Monitor

Attachments

    Outcomes