|Applies To||RSA Product Set: Security Analytics, NetWitness Logs & Network|
RSA Product/Service Type: Health & Wellness, Security Analytics Server, Core Services
|Issue||Besides the Health and Wellness monitoring section available from the RSA NetWitness Platform UI, it may sometimes be useful to retrieve important historical info such as Memory, CPU, disks IO, Swap and network traffic directly from CentOS CLI using SAR.|
|Tasks||CentOS provides by default a cron job set up in /etc/cron.d/sysstat that populates /var/log/sa/ with these important system logs and stores them for a month.|
We can extract info from the logs ordered by the most recent one using the scripts below thanks to the Sar command on every Security Analytics appliance.
NETWORK (all NICs)
The scripts will create respectively sar_debug_memory.log, sar_debug_Swap.log, sar_debug_cpu.log, sar_debug_IO.log, sar_debug_Network.log files and we can view the files using vi editor for example (if ran from the /root directory):
Please note the average at the end of everyday report:
For more info about the columns and options, I would suggest to consult the SAR man page.