MapR: Configure Warehouse Connector to Write to NetWitness Warehouse

Document created by RSA Information Design and Development on Sep 14, 2017Last modified by RSA Information Design and Development on Sep 12, 2018
Version 9Show Document
  • Comment0
  • View in full screen mode
 

You must enable the Warehouse Connector services to write to RSA NetWitness Warehouse.

To configure Warehouse Connector to write to the NetWitness Warehouse, perform the following tasks on the Log Decoders and Decoders where the Warehouse Connectors are installed:

Note: If you are configuring on a virtual environment, perform these tasks on a standalone Warehouse Connector server.

Verify the Network File System (NFS) Services Status

To verify the NFS services status:

  1. Log on to the Warehouse Connector appliance where you have installed the Warehouse Connector service.
  2. Enter the following command:
    rpm –qa |grep nfs
    The NFS package names appear in the output message. For example:
    nfs-utils-lib-1.1.5-6.el6.x86_64
    nfs-utils-1.2.3-36.el6.x86_64
  3. If the output message is empty, install the NFS packages.

Install the Network File System Packages

Prerequisites

If the NFS packages are already downloaded on the appliances manually, install the packages and mount RSA NetWitness Warehouse. You need to have internet access to complete this task. If internet access is not available, you must download the RPM packages offline and copy them to this machine for installation.

Note: Install the NFS packages only if the NFS packages are not displayed when you verify the status of NFS in the Warehouse Connector appliance or on the appliance where you have installed the Warehouse Connector service. 

To install NFS packages:

  1. Log on to the Warehouse Connector appliance or on the appliance where you have installed the Warehouse Connector service.

  2. Verify the NFS status, using the following command:

    rpm –qa |grep nfs

    The NFS package names appear in the output message. For example:

    nfs-utils-lib-1.1.5-6.el6.x86_64
    nfs-utils-1.2.3-36.el6.x86_64

    If the nfs-utils and nfs-utils-lib are properly identified, you can skip the remaining steps in this procedure (Install the Network File System Packages).

  3. Search for NFS package, using the following command:

    yum search nfs-utils

    The output ends with the following message:

    “name and summary matches only, use “search all” for everything.”

    Note: Contact RSA Customer Support if the output ends with the following message:
    “no matches found”

  4. Install the NFS programs, using the following command:

    yum install nfs-utils nfs-utils-lib

    The output prompts for y or n. Type y and press ENTER.

    The NFS packages are successfully installed.

Mount the Warehouse on the Warehouse Connector

To mount RSA NetWitness Warehouse on the appliance:

  1. Create a new directory named /saw, using the following command:
    mkdir /saw
  2. Enter the following command:
    ll /
    The new directory is displayed.
  3. Mount the Warehouse, using the following command:
    mount -t nfs -o nolock,tcp,hard,intr <IP_Address_for_SAW>:/mapr/<cluster-name> /saw
    Where <IP_Address_for_SAW> is the IP address of the primary Warehouse appliance in the cluster and <cluster-name> is the name provided in the template file. 

    4. Note: If a virtual IP address is configured for the Warehouse, you have to use it as the IP address in <IP_Address_for_SAW>.

  4. Verify if the Warehouse is mounted successfully, using the following command
    mount
    The IP address of the primary Warehouse appliance and other details you have provided in step 3 appear in the last line of the output message.
  5. List the content in the newly created directory, /saw, using the following command:
    ll /saw
    The following directories are displayed:
    hbase
    index-scratch
    jars
    logs
    user
    var
  6. To add NFS to the Auto-mount options. Do the following:
    1. To check if the IP address of the primary Warehouse appliance and other details you have provided while mounting Warehouse appears in /etc/fstab, enter the following command:
      cat /etc/fstab
      If the detail does not appear in the /etc/fstab file, perform the following steps.
    2. Enter the following command:
      tail –n 1 /etc/mtab
      The IP address of the primary Warehouse appliance and other details you provided while mounting Warehouse appear in the last line of the output message.
    3. Enter the following command:
      tail –n 1 /etc/mtab >> /etc/fstab
    4. Edit the /etc/fstab file to add the word ‘auto’ at the end of the file. Enter the following command:
      vi /etc/fstab
      For example, 10.11.111.11:/mapr/saw /saw nfs rw,nolock,tcp,auto,addr=10.11.111.11 0 0
Previous Topic:Configure MapR
Next Topic:Manage MapR
You are here
Table of Contents > Configure Warehouse Connector to Write to NetWitness Warehouse

Attachments

    Outcomes