Install NetWitness Export Connector

Do the following steps to install NetWitness Export Connector .

  1. Download the offline installer from RSA Link in the following location: NetWitness Export Connector Installer.

  2. Copy the downloaded NetWitness ZIP archive to the system where Logstash runs.

  3. Open a command prompt and run the following command to change directory to Logstash home.
    cd /usr/share/logstash

  4. Check the status of the Logstash service by running the following command.
    systemctl status logstash
  5. Stop the Logstash service by running the following command.
    systemctl stop logstash
  6. Install the NetWitness Export Connector by running the following command.
    bin/logstash-plugin install file:///<path-to-file>/netwitness-export-connector-x.x.x.zip
  7. Make sure that all the required configuration files (netwitness-<decoder-ip>-input.conf) are available in the following folder.
    /etc/logstash/conf.d/
  8. Start the Logstash service by running the following command.
    systemctl start logstash