Services Configuration View - Broker General Tab

Document created by RSA Information Design and Development on Jul 26, 2016Last modified by RSA Information Design and Development on Jul 26, 2016
Version 2Show Document
  • View in full screen mode
 

The General tab for a Broker or Concentrator in the Services Configuration view provides a way to manage basic service configuration, configure the aggregate service, and configure the aggregation process between a Broker or Concentrator and the aggregate service.

Configuring the aggregate service (whose data is consumed and aggregated) includes:

  • Adding, editing, and deleting Concentrators and Brokers as aggregate services
  • Toggling an aggregate service online and offline
  • Monitoring statistics for aggregate services
  • Starting and stopping aggregation

Configuring the aggregation process includes setting:

  • Aggregation autostart
  • Timing and performance parameters, such as the number of sessions per round of aggregation and time between rounds
  • Maximum number of open meta and session files
  • The timing of attempts to restart, reconnect, or take offline a non-responsive aggregate service

This is an example of the General tab for a Concentrator.
Services Config View - Concentrator

This is an example of the General tab for a Broker.
SrvConViewB.png

Features

These are the three major sections in the General tab for Brokers and Concentrators:

  • Aggregate Services section
  • System Configuration section
  • Aggregation Configuration section

Aggregate Services Section

The Aggregate Services section provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service. This is an example of the Aggregate Services section for a Concentrator. 
104AggCon.png

The Aggregate Services section toolbar offers these options.

                       
OptionDescription
104ApplAdd.pngOpens a dialog in which you can add a Concentrator, Decoder, or Log Decoder as an aggregate service. 
104ServRem.pngRemoves the selected aggregate service.
 104ApplEdit.pngFor Concentrators only, opens a dialog to edit Meta Fields and Filter values for the Concentrator. 
Icon-Start_Aggregation.pngWhen aggregation has been stopped or has not started, starts aggregating data from the online service in the grid using the rules defined for the service.
104StopAgg.pngWhen aggregation is in progress, stops aggregation on the Broker or Concentrator. This stops all services and flushes the index, which may take several minutes to complete. It is necessary to stop aggregate services in order to perform various administrative procedures. 
104ToglSrv.pngToggles the state of a service between offline and online. Only data from online service is consumed during aggregation.

The Aggregate Services section grid has these columns.

                                        
ColumnDescription
AddressLists the address of the service.
PortLists the port on which the service listens. The default ports are:
  • 50001 for Log Collectors
  • 50002 for Log Decoders
  • 50003 for Brokers
  • 50004 for Decoders
  • 50005 for Concentrators
  • 50007 for other services
RateLists the number of metadata objects being written to the database per second. Values are rolling average samples over a short time period (10 seconds). After capture stops, the rate is reset to 0.
MaxLists the maximum number of metadata objects written to the database per second since capture started. Values are rolling average samples over a short time period (10 seconds). After capture stops, Max continues to show the maximum value during capture.
BehindLists the number of sessions on the service that need to be aggregated. 
CollectionFor Brokers only, indicates the collection that was selected when the Analyst Workbench service was added to the Aggregate Services section.
Meta FieldsFor Concentrators only, lists the types of metadata being consumed by the aggregate service.
FilterFor Concentrators only, lists any filter being applied to the metadata being consumed by the aggregate service. 
Meta IncludeFor Concentrators only, lists the number of types of meta included in the aggregate service.
GroupedWhether or not the aggregate service is part of a group.
StatusLists the current status of the service:
  • online = available to provide data for consumption by the Broker or Concentrator
  • offline = not available to provide data for consumption by the Broker or Concentrator
  • consuming = providing data for consumption by the Broker or Concentrator

System Configuration Section

The System Configuration section manages service configuration for a service. When a service is first added, default values are in effect. You can edit these values to tune performance.
104SysCnfSec.png

The System Configuration section has these parameters.

                         
ParameterDescription
CompressionThe minimum number of bytes that must be transmitted per response before compression. A setting of 0 disables compression. The default value is 0.
A change in value is effective immediately for all subsequent connections.
PortThe port on which the service listens. The default ports are:
  • 50001 for Log Collectors
  • 50002 for Log Decoders
  • 50003 for Brokers
  • 50004 for Decoders
  • 50005 for Concentrators
  • 50007 for other services
SSL FIPS ModeWhen enabled (on), the security of data transmission is managed by encrypting information and providing authentication with SSL certificates. The default value is off.
SSL PortIndicates the SSL port.
Stat Update IntervalThe number of milliseconds between statistic updates on the system. Lower numbers cause more frequent updates and can slow down other processes. The default value is 1000.
A change in value is effective immediately.
ThreadsThe number of threads in the thread pool to handle incoming requests. A setting of 0 lets the system decide. The default value is 15
A change takes effect on service restart.

Aggregation Configuration Section

The Aggregation Configuration section provides configuration settings that affect various aspects of the aggregation process. When you click Apply, the changes are saved; however, not all settings take effect immediately. The tables for Aggregation Settings, Database Open Files, and Service Heartbeat provide details.

Aggregation Settings

                   
SettingDescription
Aggregate AutostartOption to start aggregation automatically each time the Broker or Concentrator is started. Checked means yes, unchecked means no. This change takes effect immediately.
Aggregate HoursThe number of hours back for each service that the Concentrator or Broker attempts to recover at the beginning of aggregation. This change takes effect immediately.
  • If the value is set to 0, aggregation for each service starts where it last left off, no matter the number of hours behind. 
  • If the value is any positive integer, the Concentrator or Broker only consumes sessions less than that number of hours back.
For example, if a service's most current session is +10 hours from the last session, this is what happens with two different Aggregate Hours values:
  • With a value of 12, the Concentrator or Broker starts consuming where it left off.
  • With a value of 4, all sessions between 5 and 10 hours back are skipped and the Concentrator or Broker starts consuming the session that started 4 hours back.
Aggregate IntervalThe number of milliseconds between rounds of service aggregation. All services managed by the Broker or Concentrator request additional rounds of session and metadata to be aggregated. If a Broker or Concentrator is still consuming the previous round of data, it cannot request more until it finishes. Change takes effect immediately.
Aggregate Max SessionsThe maximum number of sessions that the Broker or Concentrator requests in a given round of data aggregation. Change takes effect after restart.

Database Open Files

The Database Open Files section applies to Concentrators. In this section, you can configure the maximum number of open files at a given time for various databases. More files open at a time generally improves query performance.

             
SettingDescription
Meta Open FilesThe maximum number of meta files to keep open at any one time. The default value is 100. Change takes effect on service restart.
Session Open FilesThe maximum number of session files to keep open at any one time. The default value is 10. Change takes effect on service restart.

Service Heartbeat

In communicating with each aggregate service, Brokers and Concentrators monitor the heartbeat of the service. These parameters specify the timing of the first attempt to reconnect to a service after an error, the next attempt to reconnect, and taking the service offline after failure to reconnect. 

                
SettingDescription
Heartbeat Error RestartAfter a heartbeat error is detected on an aggregate service, specifies the number of seconds for a Broker or Concentrator to wait before attempting a service reconnect.
Heartbeat Next AttemptAfter a failed attempt to reconnect to an aggregate service, specifies the number of seconds for a Broker or Concentrator to wait before attempting another service reconnect. Change takes effect immediately.
Heartbeat No ResponseAfter failing to reconnect to an unresponsive service, specifies the number of seconds for the Broker or Concentrator to wait before taking the unresponsive service offline. Change takes effect immediately.

When editing parameters in the General tab, you must click Apply to save changes.

You are here: References > Services Configuration View - Broker General Tab

Attachments

    Outcomes