Archiver: Services Config View - Archiver

Document created by RSA Information Design and Development on Jul 26, 2016
Version 1
 

This topic provides descriptions of the Archiver configuration parameters in the Services Config view.

The tabs for an Archiver in the Services Config view provide a way to manage basic service configurations, configure aggregate services, configure log retention and storage, edit service configuration files, and configure the appliance service for an Archiver.

To access this view: 

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select an Archiver service and click the actions icon > View > Config.

    The Services Config view for the Archiver is displayed with the General tab open.


The following are the tabs in the Archiver config view:

  • General
  • Storage
  • Data Retention Scheduler
  • Files
  • Appliance Service Configuration: for information on the Appliance Service Configuration tab, see the Appliance Service Configuration topic in the Host and Services Getting Started Guide.

General

The General tab contains the following sections:

  • Aggregate Services
  • System Configuration
  • Aggregation Configuration

Aggregate Services

The Aggregate Services section provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.


The following table describes actions available in the Aggregate Services section.

                                    
| Task | Description |
|---|---|
| Add icon | Adds a Log Decoder as an aggregate service. |
| Delete icon | Removes the selected aggregate service. |
| Edit icon | Edits service parameters. |
| Toggle Service icon | Toggles the state of a service between offline and online. |
| Start Aggregation icon | Starts aggregating data using the rules defined for the service. It is necessary to start the aggregate service after aggregation has been stopped. |
| Stop Aggregation icon | Stops aggregation on the Archiver. This stops all services and flushes the index, which may take several minutes to complete. It is necessary to stop aggregate services in order to perform various administrative procedures. |

System Configuration

When you add an Archiver service, default values are in effect. RSA designed the default values to accommodate most environments and recommends that you do not edit these values, because doing so may adversely affect performance. The following table describes the System Configuration parameters.

                                    
| Parameter | Description |
|---|---|
| Compression | Determines the minimum number of bytes before a message is compressed. If set to zero, messages are not compressed. |
| Port | Determines the port used by the service. Note: If you change the port number, ensure that you restart the service. |
| SSL FIPS mode | If enabled, all data transferred over the network is encrypted using SSL. |
| SSL Port | Indicates the port used for SSL-encrypted communication. |
| Stat Update Interval | Determines how often (in milliseconds) statistic nodes are updated in the system. |
| Threads | Determines the number of threads in the thread pool to handle incoming requests. |

Aggregation Configuration


The Aggregation Configuration section contains the following sections:

  • Aggregation Settings
  • Database Open Files
  • Service Heartbeat

Aggregation Settings

The Aggregation Settings section has the following parameters.

                         
| Parameter | Description |
|---|---|
| Aggregate Autostart | If enabled, data aggregation will automatically restart after a service restart. |
| Aggregate Hours | Determines the maximum number of hours a service is allowed to start aggregation. |
| Aggregate Interval | Determines the minimum number of milliseconds before another round of aggregation is requested. |
| Aggregate Max Sessions | Determines the number of sessions to aggregate on each round. |

Database Open Files

The Database Open Files section has the following parameters.

                   
| Parameter | Description |
|---|---|
| Meta Open Files | Determines the maximum number of meta files kept open at a given time. |
| Session Open Files | Determines the maximum number of session files kept open at a given time. |

Service Heartbeat

The Service Heartbeat section has the following parameters.

                     
| Parameter | Description |
|---|---|
| Heartbeat Error Restart | Determines the number of seconds to wait after a service error before attempting a service reconnect. |
| Heartbeat Next Attempt | Determines the number of seconds to wait before attempting a service reconnect. |
| Heartbeat No Response | Determines the number of seconds to wait before taking an unresponsive service offline. |

Storage

The Storage tab contains two sections:

  • Storage Configuration - enables you to set up DACs along with the type of hash algorithm and compression performed on the stored data.
  • Tiered Storage Configuration - enables you to configure tiered storage for data rollover.

Storage Configuration

The following are the fields available in the Storage Configuration section.

                       
| Field | Description |
|---|---|
| Hash Algorithm | The hash algorithm is used to ensure the data integrity of the files being saved. The default algorithm is SHA-256 and can be changed to SHA-1 or MD5. By default, only the raw logs are hashed, and the hash files are saved in the same directory as the data. Note: File hashing is related to the database file, and the hash file is not generated until the database file is closed. The time taken to generate the hash file depends on the Archiver packet.file.size setting and the ingest rate. For example, by default, the Archiver packet.file.size parameter is set to 4 GB. When the packet database file size exceeds 4 GB, the file is closed and the associated hash file is generated. |
| Meta Compression | The meta can be compressed using the gzip algorithm to save disk space. |
| RAW Data Compression | The raw data can be compressed using the gzip algorithm to save disk space. |
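One way to spot-check the hash files described for the Hash Algorithm field, as an added example that is not RSA's code: it recomputes each database file's digest and compares it with a hash file in the same directory. The page does not specify the hash file format, so the sidecar name (`<data file>.<algorithm>` holding a hex digest), the `.db` suffix and the sample file names are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ALGORITHMS = ("sha256", "sha1", "md5")  # options named in Storage Configuration


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte database files are not loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_directory(data_dir, algorithm="sha256", data_suffix=".db"):
    """Map each data file to "ok", "mismatch" or "no-hash"."""
    # "no-hash": file still open (hash not generated yet) or hash file missing.
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    results = {}
    for data_file in sorted(Path(data_dir).glob(f"*{data_suffix}")):
        # Assumed sidecar layout: <data file>.<algorithm>, hex digest first.
        sidecar = data_file.with_name(f"{data_file.name}.{algorithm}")
        if not sidecar.is_file():
            results[data_file.name] = "no-hash"
            continue
        expected = (sidecar.read_text().split() or [""])[0].lower()
        actual = file_digest(data_file, algorithm)
        results[data_file.name] = "ok" if expected == actual else "mismatch"
    return results


def demo():
    """Verify constructed sample files: one intact, one altered, one still open."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name in ("packet-1.db", "packet-2.db", "packet-3.db"):
            (d / name).write_bytes(name.encode() * 1000)
        for name in ("packet-1.db", "packet-2.db"):  # closed files get a hash file
            (d / f"{name}.sha256").write_text(file_digest(d / name, "sha256") + "\n")
        with open(d / "packet-2.db", "ab") as fh:  # change made after hashing
            fh.write(b"x")
        return verify_directory(d)


if __name__ == "__main__":
    print(demo())
```

Because the hash files sit in the same directory as the data, this check catches corruption and accidental change, but anyone who can write to that directory can replace both files, so digests meant as tamper evidence need a copy on a separate system. SHA-256, the default, is the one to keep: MD5 and SHA-1 are no longer collision-resistant.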

Tiered Storage Configuration

The following are the fields available in the Tiered Storage Configuration section.

                                                       
| Field | Description |
|---|---|
| (icon) | Enables you to add a storage tier that you can configure for data roll over. Use this option if you are adding all the information for meta, packets, session, and index at one time. |
| (icon) | Enables you to add a storage tier that you can configure for data roll over. Use this option if you need to add a particular Meta, Packet, Session, or Index entry. |
| (icon) | Enables you to remove a storage tier. |
| (icon) | Enables you to edit storage tier properties. |
| (icon) | Enables you to restore the previous configuration changes. |
| Path | Displays the path of the meta, packet, index, and session database. |
| Tier | Displays the type of storage tier: Hot, Warm or Cold. |
| Size | Displays the size of the storage tier. |
| Unit | Displays the unit for the storage tier size in Bytes, KB, MB, GB or TB. |
| Max Size Of A Hot Database | When the data reaches the maxSize value provided, the oldest data is deleted, or moved to the warm or cold tier if configured. For example, if you set the Max Size Of A Hot Database to 1 TB, then when the data size reaches 1 TB on the Hot tier, the oldest data from Hot is moved to the Warm tier. |
| Max Size Of A Warm Database | If a value of maxSizeWarm is configured, the oldest data is deleted when it reaches this size, or moved to the cold tier if configured. For example, if you set the Max Size Of A Warm Database to 1 TB, then when the data size reaches 1 TB on the Warm tier, the oldest data from Warm is moved to the Cold tier. |

Data Retention Scheduler

The Data Retention Scheduler tab in the Service Config view is the user interface for scheduling a size rollout that allows you to roll over data from the primary data storage to the secondary storage. For more information on the Data Retention tab for Archiver, see Data Retention Scheduler Tab.

Files

The Files tab in the Service Config view is the user interface for editing service configuration files for Archiver as text files. The files available to edit vary depending upon the type of service being configured. The files that are common to all core services are:

  • The service index file
  • The netwitness file
  • The crash reporter file
  • The scheduler file
  • The feed definitions file

For more information on the Files tab, see the Files Tab topic in the Host and Services Getting Started Guide.

Appliance Service Configuration

For information on the Appliance Service Configuration tab, see Appliance Service Configuration in the Getting Started Guide.
