You must enable the Warehouse Connector services to write to RSA NetWitness Warehouse.
To configure Warehouse Connector to write to the NetWitness Warehouse, perform the following tasks on the Log Decoders and Decoders where the Warehouse Connectors are installed:
Note: If you are configuring on a virtual environment, perform these tasks on a standalone Warehouse Connector server.
Verify the Network File System (NFS) Services Status
To verify the NFS services status:
- Log on to the Warehouse Connector appliance where you have installed the Warehouse Connector service.
- Enter the following command:
rpm –qa |grep
nfs
The NFS package names appear in the output message. For example:nfs-utils-lib-1.1.5-6.el6.x86_64
nfs-utils-1.2.3-36.el6.x86_64
- If the output message is empty, install the NFS packages.
Install the Network File System Packages
Prerequisites
If the NFS packages are already downloaded on the appliances manually, install the packages and mount RSA NetWitness Warehouse. You need to have internet access to complete this task. If internet access is not available, you must download the RPM packages offline and copy them to this machine for installation.
Note: Install the NFS packages only if the NFS packages are not displayed when you verify the status of NFS in the Warehouse Connector appliance or on the appliance where you have installed the Warehouse Connector service.
To install NFS packages:
- Log on to the Warehouse Connector appliance or on the appliance where you have installed the Warehouse Connector service.
-
Verify the NFS status, using the following command:
rpm –qa |grep nfs
The NFS package names appear in the output message. For example:
nfs-utils-lib-1.1.5-6.el6.x86_64
nfs-utils-1.2.3-36.el6.x86_64If the
nfs-utils
andnfs-utils-lib
are properly identified, you can skip the remaining steps in this procedure (Install the Network File System Packages). -
Search for NFS package, using the following command:
yum search nfs-utils
The output ends with the following message:
“name and summary matches only, use “search all” for everything.”
Note: Contact RSA Customer Support if the output ends with the following message:
“no matches found”
-
Install the NFS programs, using the following command:
yum install nfs-utils nfs-utils-lib
The output prompts for y or n. Type y and press ENTER.
The NFS packages are successfully installed.
Mount the Warehouse on the Warehouse Connector
To mount RSA NetWitness Warehouse on the appliance:
- Create a new directory named /saw, using the following command:
mkdir /saw
- Enter the following command:
ll /
The new directory is displayed. - Mount the Warehouse, using the following command:
mount -t nfs -o
nolock,tcp,hard,intr <IP_Address_for_SAW>:/mapr/<cluster-name> /saw
Where<IP_Address_for_SAW>
is the IP address of the primary Warehouse appliance in the cluster and<cluster-name>
is the name provided in the template file. - Verify if the Warehouse is mounted successfully, using the following command
mount
The IP address of the primary Warehouse appliance and other details you have provided in step 3 appear in the last line of the output message. - List the content in the newly created directory, /saw, using the following command:
ll /saw
The following directories are displayed:
hbase
index-scratch
jars
logs
user
var - To add NFS to the Auto-mount options. Do the following:
- To check if the IP address of the primary Warehouse appliance and other details you have provided while mounting Warehouse appears in /etc/fstab, enter the following command:
cat /etc/fstab
If the detail does not appear in the /etc/fstab file, perform the following steps. - Enter the following command:
tail –n 1 /etc/mtab
The IP address of the primary Warehouse appliance and other details you provided while mounting Warehouse appear in the last line of the output message. - Enter the following command:
tail –n 1 /etc/mtab >> /etc/fstab
- Edit the /etc/fstab file to add the word ‘auto’ at the end of the file. Enter the following command:
vi /etc/fstab
For example,10.11.111.11:/mapr/saw /saw nfs rw,nolock,tcp,auto,addr=10.11.111.11 0 0
- To check if the IP address of the primary Warehouse appliance and other details you have provided while mounting Warehouse appears in /etc/fstab, enter the following command:
Note: If a virtual IP address is configured for the Warehouse, you have to use it as the IP address in <IP_Address_for_SAW>
.