The Services System view provides a services summary for Security Analytics Core services and some other services, for example Reporting Engine.
The summary information for Security Analytics Core services (Broker, Concentrator, Decoder, and Log Decoder) is similar, including information about:
- Appliance Service
- Service user information
- Host user information
- License information
- Session information
The toolbar for Security Analytics Core services is also similar. The options provide a way to run command-line host tasks, control services and hosts, and other service-specific tasks such as uploading packet capture or log files to a service.
To access the Services System view:
- In the Security Analytics menu, select Administration > Services.
The Administration Services view is displayed.
- Select a service and select > View> System.
The following is an example of the Services System view for a Decoder.
This section describes common features for Security Analytics Core service types.
- Features specific to Brokers and Concentrators are described in the Broker and Concentrator Configuration Guide.
- Features specific to Decoders and Log Decoders are described in the Decoder and Log Decoder Configuration Guide.
Services System View Toolbar
At the top of the Services System view is a toolbar. While some options in the toolbar apply to a specific service type, four options are common to all. The examples below show the options for a Concentrator, for a Decoder, and for a Log Decoder.
This table describes the Services System View toolbar options common to all Core services.
|Host Tasks||Displays the Host Task List dialog, which provides a way to run command-line host tasks from a selection list. See Host Task List Dialog for detailed information.|
|Shutdown Service||Shuts down and restarts the service for a Decoder, Log Decoder, Broker, or Concentrator.|
|Shutdown Appliance Service||Stops all services running on the host, then shuts down and restarts the appliance service for a Log Decoder, Log Decoder, Broker, or Concentrator.|
|Reboot||Shuts down and restarts the host on which the Core services are running.|
Services Summary Information
The top section of the Services System view summarizes information about the selected service. This applies to all Core service types: Decoders, Brokers, Concentrators, and Log Decoders.
|Service and Appliance Service Information||This Includes the service name, service version, memory usage in megabytes, memory usage as a percentage of total memory, the time and date the service started running, the duration of time the service has been running, and the current time.|
|Service and Host User Information||Displays users who have access to this service and the user role to which they belong.|
|License Information|| Displays the computer ID for the service and the licenses installed for that ID. |
Session Information Grid
The bottom section of the Services System view provides a list of active sessions. In this view, you can:
- End a session
- End an active query
The table describes the Session Information grid columns.
|Session||The ID for the session. Clicking the session ID displays a dialog with the option to kill the session. You can approve the action or cancel the action.|
|User||The name of the session owner.|
|IP Address||The IP address of the service where the session is running.|
|Login Time||The time the user logged in.|
|Active Queries||The count of active queries. Clicking a non-zero count displays a dialog in which you can stop execution of a query.|