Article Number | 000035664 |
Applies To | RSA Product Set: NetWitness Logs & Packets RSA Product/Service Type: Appliance RSA Version/Condition: 11.0 Platform: CentOS |
Issue | A user needs to access data on the on-board hard drives of an RSA NetWitness appliance for a physical device where a migration to version 11.0 failed before the OS was installed but after the LV (logical volume) changes took place using the 11.0 image. |
Resolution | Follow the steps below to access the on-board hard drives for any physical devices.
- Boot the Rescue kernel from the troubleshooting menu on the 11.0 image.
 - Select Option #3: Skip to shell
 - Execute the commands below.
modprobe dm-mod vgchange -ay
- Verify that all logical volumes are now active using the command below.
lvscan
 - Mount all of the logical volumes that are not external storage by executing the command below with the ... and mountX being equal to the total number of logical volumes that are available.
mkdir -p /mnt/mount1 /mnt/mount2 ... /mnt/mountX
 - Mount the logical volumes by executing the command below, modifying the XX-XXX as needed to fit the use case.
mount -o ro /dev/VolGroupXX-XXX /mnt/mount1
 At this point all files are accessible and can be moved to alternative storage locations. When finished, manually unmount the logical volumes that were manually mounted before rebooting the device. |