000035140 - What are the requirements for inter-component sharing data from RSA Web Threat Detection?

Document created by RSA Customer Support Employee on Feb 22, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035140
Applies ToRSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1, 6.x
 
IssueA Customer may have questions on how to share or move data across different file shares in the OS filesystem.  They also may ask why they cannot see certain data in the Forensics User Interface, after making a change to WTD.  For example, putting a component on a new server. 


Example Customer Question --
We moved the mitigator to a separate server. Since then, the reporting graph is not working and hourly alerts are not displayed on the Alerts tab within the UI. We are sharing the directories /silvertail/data/shared/eds, edsserver and alerts as well as the mitigator.rules across both servers (mitigator and analytical servers). Are we missing something that needs to be shared as this issue appeared when we moved the mitigator to a separate server? 
ResolutionFor sharing files across WTD components that may be on other servers.

Share the  var/opt/silvertail/data directory and subdirectories including 
/data/alerts
/data/edsserver
/data/logs
/data/reports
/data/tasks


The requirements for an external directory, no matter what the hardware or infrastructure technology(e.g., NAS, FiberOptic,etc.) is that this directory must appear as a normal directory when doing a directory listing command in RHEL or CentOS Linux.  You cannot use a symlink to point to one of the above locations.
 

Attachments

    Outcomes