FNEtool - Licensing troubleshooting tool for SA/Netwitness P&L

Document created by Nicola Di Marzo Employee on Dec 6, 2016Last modified by Nicola Di Marzo Employee on Feb 27, 2017
Version 13Show Document
  • View in full screen mode

This is my first release of FNEtool, Licensing troubleshooting tool for SA/Netwitness P&L


VERS. 0.1 


SA/Netwitness P&L versions supported 10.3, 10.4 ,10.5, 10.6


FNEtool script is able to identify and provide resolution steps for a wide range of most common license issues.
The script has to be executed from the Security Analytics / NetWitness server head, auto-detects the NetWitness version currently in use and shows different menu with possible resolution paths by selecting the appropriate option.

Please Note Option 4 collects logs and all the Info such as serial numbers and config files useful to RSA Customer Support to have a full picture about the current license state of the environment.


Instructions on how to run the script.


Copy the script or RPM to the /root SA/Netwitness head server directory and run the commands below:


chmod +x fnetool.sh



To install the RPM package:


rpm -ivh fnetool-v.0.1-0.noarch.rpm


To remove the package:


yum remove fnetool


After its execution the script immediately shows the Server ID detected, checks connectivity with RSA download center and restart the fneserver performing a license refresh.

Fnetool - intro and check connectivity with DLC


After confirmation FNEtool auto detects the Netwitness version in use and shows a menu based on the version detected where the user can insert an option number.


Options showed for 10.3/4 menu:
0) Reset Core and Archiver License Services
1) Reset ESA and Malware Analysis license Services
2) Reset FNE license Server
3) Change Server ID/Mac Address
4) Collect logs for RSA Support
5) Persistent problems uploading manual license BIN file in the.


Ideal troubleshooting approach in 10.3/4 in case of a service still unlicensed after refreshing licenses or uploading capability response BIN file:
 - Re-entitle the service from Services section-->Licenses
 - Reset service and restart service
 - Administration-->System-->Licensing-->refresh

 - reset fneserver (save config)
 - Refresh license or upload BIN file
 - Re-entitle service, restart jetty as last resort


fnetool - 10.4 menu old service based licensing model


Options showed for 10.5/6 menu:
(All the license information are now stored on mongoDB database only, no longer service related reset/actions are required)


0) Detect/Remove Entitlements from the Database (Service based license)
1) Change Server ID/Mac Address
2) Problems with the Red Banner in the UI (Meter License)
3) Print Entitlements collection and license Info
4) Collect logs for RSA Support
5) Persistent problems uploading manual license BIN file in the UI


Option 0 applies to Service based license environments only. It detects if any object ID deletion from mongo is required and if so auto-generates a command that User can copy/paste on the SA/Netwitness head server command line to easily remove the entries from the database in order "to make room" to the new license


For any problem related with Meter License - Red banner option 2 provides further info about those issues and how to approach them.


fnetool - 10.5/6 menu nw trust licensing model and mongodb interaction



The bash code is available on my github:



Special thanks to Pablo Trigo and his awesome ESAtool from which I have learnt a lot.



Feel free to modify the code or to provide feedback or suggestions on how to improve the tool!

4 people found this helpful