|Applies To||RSA Product Set: NetWitness Logs and Packets (formerly Security Analytics)|
RSA Product/Service Type: Packet Decoder
RSA Version/Condition: 10.3.x, 10.4.x, 10.5.x, 10.6.x
O/S Version: EL6
|Issue||Some Packet Decoders that were configured between March of 2015 and August of 2016 could contain one or multiple RAID 0 (stripped) configured decodersmall volume group(s). The volume group may contain the metadb, sessiondb, and index files for a packet decoder. In this configuration an issue can occur if one of the hard drives within the array fails as RAID 0 contains no redundancy or hot spares.|
Some Symptoms of this Failure:
|Tasks||This article will outline the steps required to reconfigure a working Packet Decoder’s decodersmall volume group from a RAID 0 (stripped) configuration to a RAID 1 (mirrored) configuration.|
|Resolution||Follow the attached document to determine if your RSA NetWitness Packet Decoders are affected by this RAID 0 misconfiguration.|
If your environment is affected, remember to download the accompanying script to fix this issue.
If there are any questions regarding any issues that appear while performing any of these steps, stop and contact RSA NetWitness Support at firstname.lastname@example.org.