|Applies To||RSA NetWitness NextGen|
RSA NetWitness NextGen 184.108.40.206
|Issue||Merge script for new index keys in RSA NetWitness NextGen 220.127.116.11.|
*************Should be performed only after Appliance has been upgraded from 9.0.x.x to 18.104.22.168*************
With the new release of 9.5 there are new index keys. These keys are automatically added to freshly built 9.5 devices. However, it has been determined when upgrading from 9.0 to 9.5 it does not add these to the current indexes. We have developed a Perl script along with new template key files which are attached here. You will need to download the Perl script and index-*.xml files to your appliances in the /root directory. The files may be downloaded from: ftp://v95:email@example.com/Server_Update/Index_Key_Update_Files/https://sftp.rsa.com/human.aspx?Username=v95&password=version95!&transaction=signon&quiet=true/r=910074231&Arg12=filelist&Arg06=776779397
Once everything is downloaded, SSH to the appliance as root and do the following:
1. ?chmod +x MergeIndex.pl?
2. ?./MergeIndex.pl /etc/netwitness/9.0/index-<service type>.xml? where <service type> is decoder, concentrator, or broker
NOTE: This needs to be run twice on a Hybrid, once for the decoder service and once for the concentrator service.
3. If on a decoder, stop capture, otherwise stop aggregation on the device. Ensure capture or aggregation has been fully stopped by checking for ?Captured has stopped? or ?Aggregation threads have completed? in the log.
4. Restart the service.
|Legacy Article ID||a58706|