This topic provides descriptions of the Archiver configuration parameters in the Services Config view.
The tabs for an Archiver in the Services Config view provide a way to manage basic service configurations, configure aggregate services, configure log retention and storage, edit service configuration files, and configure the appliance service for an Archiver.
To access this view:
- In the Security Analytics menu, select Administration > Services.
The Services Config view for the Archiver is displayed with the General tab open.
The following are the tabs in the Archiver config view:
- Data Retention Scheduler
Appliance Service Configuration: for information on the Appliance Service Configuration tab, see the Appliance Service Configuration topic in the Host and Services Getting Started Guide.
The General tab contains the following sections:
- Aggregate Services
- System Configuration
- Aggregation Configuration
The Aggregate Services section provides a way to start and stop aggregation, as well as add, edit, delete, and toggle an aggregate service.
The following table describes actions available in the Aggregate Services section.
When you add an Archiver service, default values are in effect. RSA designed the default values to accommodate most environments and recommends that you do not edit these values because it may adversely affect performance. The following table describes the System Configuration parameters.
|Compression||Determines the minimum amount of bytes before a message is compressed. If set to zero, messages are not compressed.|
|Port||Determines the port used by the service. |
Note: If you change the port number, ensure that you restart the service.
|SSL FIPS mode||If enabled, all the data transferred in the network will be encrypted using SSL.|
|SSL Port||Indicates the port used for encrypting using SSL.|
|Stat Update Interval||Determines how often (in milliseconds) statistic nodes are updated in the system.|
|Threads||Determines the number of threads in the thread pool to handle incoming requests.|
The Aggregation Configuration section contains the following sections:
- Aggregation Settings
- Database Open Files
- Service Heartbeat
The Aggregations Settings section has the following parameters.
|Aggregate Autostart||If enabled, data aggregation will automatically restart after a service restart.|
|Aggregate Hours||Determines the maximum number of hours a service is allowed to start aggregation.|
|Aggregate Interval||Determines the minimum number of milliseconds before another round of aggregation is requested.|
|Aggregate Max Sessions||Determines the number of sessions to aggregate on each round.|
Database Open Files
The Database Open Files section has the following parameters.
|Meta Open Files||Determines the maximum number of meta files kept opened at a given time.|
|Session Open Files||Determines the maximum number of session files kept opened at a given time.|
The Service Heartbeat section has the following parameters.
|Heartbeat Error Restart||Determines the number of seconds to wait after a service error before attempting a service reconnect.|
|Heartbeat Next Attempt||Determines the number of seconds to wait before attempting a service reconnect.|
|Heartbeat No Response||Determines the number of seconds to wait before taking unresponsive service to offline.|
The Storage tab contains two sections:
- Storage Configuration - enables you to set up DACs along with the type of hash algorithm and compression performed on the stored data.
Tiered Storage Configuration - enables you to configure tiered storage for data rollover.
The following are the fields available in the Storage Configuration section.
|Hash Algorithm|| |
The hash algorithm is used to ensure the data integrity of the files being saved. The default algorithm is set to SHA-256 and can be changed to SHA-1 or MD5. By default, the only data being hashed is the raw logs and the hash files are saved in same directory as data.
Note: File hashing is related to the database file and is not generated until the file is closed. The time taken to generate the hash file depends on the Archiver packet.file.size settings and the ingest rate. For example, by default, the Archiver packet.file.size parameter is set to 4 GB. When the packet database file size exceeds 4 GB the file is closed and the associated hash file is generated.
|Meta Compression||The meta can be compressed using the gzip algorithm to save disk space.|
|RAW Data Compression||The raw data can be compressed using the gzip algorithm to save disk space.|
Tiered Storage Configuration
The following are the fields available in the Tiered Storage Configuration section.
Data Retention Scheduler
The Data Retention Scheduler tab in the Service Config view is the user interface for scheduling a size rollout that allows you to rollover data from the primary data storage to the secondary storage. For more information on the Data Retention tab for Archiver, see Data Retention Scheduler Tab.
The Files tab in the Service Config view is the user interface for editing service configuration files for Archiver as text files. The files available to edit vary depending upon the type of service being configured. The files that are common to all core services are:
- The service index file
- The netwitness file
- The crash reporter file
- The scheduler file
- The feed definitions file
For more information on the Files tab, see the Files Tab topic in the Host and Services Getting Started Guide.
Appliance Service Configuration
For information on the Appliance Service Configuration tab, see Appliance Service Configuration in the Getting Started Guide.