Is anybody have an updated and working nicsftpagent.sh script for SAP (Based on Unix) integration with RSA SA then please upload here, the script which i got form Knowledgebase in not working showing an error when i run that script in unix. 
Is anybody have an updated and working nicsftpagent.sh script for SAP (Based on Unix) integration with RSA SA then please upload here, the script which i got form Knowledgebase in not working showing an error when i run that script in unix.
which version is yours? I just downloaded which is - Automated FTP/SCP/SFTP Script v2.7.12.
Did you configure the required parameters?
hi patriot,
to download that script i just click on Unix nic ftp sgent and got that script. from the below addres of rsa knowledgbase and yes i have configured the required parameter also in script and also tried with nicsftp.conf file
there are two locations in the script which contains the errors:
Can you check whether the NIC folder exists or Data Dir?
### Test that NIC directory exists
if [ ! -d "$NIC_DIRECTORY" ]
then
echo "$NIC_DIRECTORY cannot be found."
exit 1
fi
PWD=`pwd`
### Test that each of the data directories exists
for d in `echo "$DATA_DIRECTORY" | awk '{split($0, a, ":"); for (i in a) print a[i]; }'`
do
if [ ! -d $d ]
then
echo "$d cannot be found."
exit 1
elif [ -d "$NIC_DIRECTORY$d" ]
then
# Clear out old tracking files
Hi Patriot,
Thanks for the help but I am still confused which file I have to delete and yes Nic directory is exist in /usr/local/nic and data directory is also exist which I have write in conf file.
Hi patriot,
can you tell me which line i have to delete or if you have any updated script then please upload here.
i don't think you need to delete any line. we're using the same file.
can you run this:
sh -x
it will output all the details.
i got the same output even with your script.
apecchrt:/usr/local/nic # ./nicsftpagent.sh
cannot be found.
apecchrt:/usr/local/nic # sh -x nicsftpagent.sh
+ PATH=/usr/xpg6/bin:/usr/xpg4/bin:/usr/css/bin:/sbin:/usr/sbin:/usr/local/sbin: /root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/u sr/lib/mit/bin:/usr/lib/mit/sbin
+ ENVISION=10.10.30.187
+ DATA_DIRECTORY=/usr/sap/ECH/DVEBMGS00/log
+ ENVISION_DIRECTORY=SAP_44
+ NIC_DIRECTORY=/usr/local/nic
+ TRANSFER_METHOD=FTP
+ USERNAME=anonymous
+ PASSWORD=default
+ IDENTITY=/root/.ssh/id_rsa
+ FILESPEC='rsa_sap_audit*'
+ UPLOAD_SPEC=tmp
+ FLAG_REMOVE_FILE_AFTER_SEND=no
+ NUMBER_OF_OUTPUT_LINE_ON_SFTP_SUCCESS=6
+ NUMBER_OF_OUTPUT_LINE_ON_FTP_SUCCESS=3
+ NIC_CONFIG=nicsftpagent.conf
+ SCRIPT_NAME=nicsftpagent.sh
+ KILL_RUNNING_AFTER=300
+ USETAIL=0
+ USEHEAD=0
+ '[' -f /usr/local/nic/nicsftpagent.conf ']'
+ . /usr/local/nic/nicsftpagent.conf
++ SILENT=$'true\r'
++ ENVISION=$'10.10.30.187\r'
++ ENVISION_DIRECTORY=$'SAP_10.10.28.44\r'
++ DATA_DIRECTORY=$'/usr/sap/ECH/DVEBMGS00/log\r'
++ NIC_DIRECTORY=$'/usr/local/nic\r'
'+ FILESPEC='rsa_sap_audit*
++ TRANSFER_METHOD=$'SFTP\r'
++ USERNAME=$'nic_sshd\r'
++ NUMBER_OF_OUTPUT_LINE_ON_FTP_SUCCESS=$'3\r'
+ '[' $'xtrue\r' = x ']'
+ '[' -f $'/usr/local/nic\r/running10.10.30.187\r' ']'
++ date +%Y%m%d%H%M%S
+ TIMENAME=20131226144923
+ '[' $'xtrue\r' = x ']'
+ '[' '!' -d $'/usr/local/nic\r' ']'
cannot be found.'/nic
cannot be found.
+ exit 1
apecchrt:/usr/local/nic #
i know whats the problem as i simulated the issue with your config file.
The conf file contains the special char "CR", please remove all of them.
You can use notepad++, search for '\r' the replace with ''
Hi Patriot,
i just check that conf file but i have not found any character that you told, well i am attaching my configured script and also configuration file's screen shot.
vi cannot see, can you download notepad++ and show all the characters?
have also tried in Notepad++ but still i am not able to see, please have a look on attached screen shot
view - show symbol - show all characters...
Hi patriot,
you right i got that symbol and removed that CR but i am not able to remove LF or we do not need to
remove it???
No need, please try.
Hi patriot,
thanks it works.
according to nic _sftp _shell _script guide we have to do for adding SA collector as known host:
On the UNIX system, follow these steps to add the RSA enVision appliance to the
list of known hosts:
a. Verify that you are logged on to the RSA enVision console as root.
b. To add the RSA enVision appliance to the list of known hosts, run the following
command:
sftp -o IdentityFile=~/.ssh/id_rsa nic_sshd@
1.2.3.4
where 1.2.3.4 is the IP address of the enVision appliance that will be collecting
the data.
c. When prompted to continue, type yes.
but i am not getting to enter right password have a look on attached screen shot, i have already added the unix nic sshd public key in log collectoer 
i nvr done this before, just some advise, are you able to login to envision server with id: nic_sshd?
you can try locally: ssh nic_sshd@localhost, maybe the the password is wrong, or its not allowed to login as ssh.
i got it and script output is that it processing but then too there is not data in SA directory, please have a look on attached text file.
**** No new data in audit_20131231. how many times you have run?
i have tried to run three or might be four time with support person because before this it was not showing like process audit_?
and we were not able to found anything in local directory or decoder directory?
which directory you refer to?
/usr/sap/ECH/DVEBMGS00/log as DATA directory for SAP logs,
SAP_10.10.28.44 as ENVISION_DIRECTORY that we have created in Local collector
/usr/local/nic where we have kept script
we have seen all these directory but not got anything
To send log files from a server to SA Log Decoder, we had to do a lot of things! We have to use "sftp" user and we needed to change sshd_config file and change the owner of in /var/netwitness/logcollector/upload directory. We integrated a Microsoft IIS Server and BlueCoat Reportes. The first device type is working ok..but the other not. I'll appreciate if you can share your experience with NIC SFTP Agent.
can you try to remove the logs from:
usr/local/nic/usr/sap/ECH/DVEBMGS00/log
and try again?
,Hi Patriot
u mean remove all logs from /usr/sap/ECH/DVEBMGS00/log ?
yes, remove, it contains the history. Or backup first.
Hi Patriot,
if we used IPDB to extract the report by using SA , then do we need Z connector to install on envision server or in case when we want send logs from enVision to Decoder then only we need to install z connector?
is there any document available for Z connector?
for z connector, it's used for sending logs which collected by envision. You no need to install and configure zconnector if you only do IPDB reports.
you can search SCOL for the z connector but it's old version. or open a support case with support for the latest version.
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx#a61808
Hi Patriot,
I got an serious problem that’s related to envision I just restart the server and got that NIC web server service is down then I try to restart it but got an error message see that I am attaching with this mail. Then I just see the webserver log and found that it showing error :44 lockbox file not found, I am also sending you log. and i also try to restart the nic server manager.
Can you please help me on this?
sorry as i don't have exp on envision.
i know whats the problem as i simulated the issue with your config file.
The conf file contains the special char "CR", please remove all of them.
You can use notepad++, search for '\r' the replace with ''