Removing Unnecessary Services

Video created by Jon Hill Employee on Oct 4, 2016

    This is a brief video explaining how to remove unnecessary services from Netwitness Hosts. 


    Output of


    [19f6608b-96be-4cdc-96dc-6835ad489a03] reporting-engine saserver appliance broker ipdbextractor incident-management base

    [0088aba3-614e-4c9b-93e3-b6b09148ed54] concentrator logdecoder base appliance logcollector

    [5bb24498-424a-4083-a8b7-2e2211d9cb32] concentrator base appliance decoder

    [5d5a5c3e-f1e7-4e37-a269-eca68780ebab] appliance base malware-analysis broker


    To remove ipdbextractor:

    • Stop the services
      • service puppet stop
      • stop nwipdbextractor (this takes a long time - possibly 10 minutes or more)
    • Remove the service from puppet, using the script and the UUID of the SA server. (make sure you list ALL the services you want + base, comma separated)
      • /etc/puppet/scripts/ 19f6608b-96be-4cdc-96dc-6835ad489a03 reporting-engine,saserver,appliance,broker,incident-management,base
    • Remove the service from Collectd
      • rm -f /etc/collectd.d/NwIPDBExtractor.conf
    • Uninstall the service
      • yum erase nwipdbextractor
    • Restart Puppet Service
      • service puppet start
    • Remove the Service from SA UI Service page
    • Disable the IPDB extractor policy in H&W


    Updated 12/6/2017 

    mongoexport --csv -d puppet -c nodes -f node,classes 2>/dev/null | grep -e ^\" | sed -e 's/["{}: \+]//g' -e 's/,/ /g' | awk '{ printf "[\033[1;34m" $1 "\033[0m] "; for (i = 2; i <= NF; i++) if ($i<=NF) { printf "%s,", $i} else { printf "%s,", $i}; {printf "\n"} }'| sed -e 's/,$//g'


    Thanks to John Snider for the base steps and script.