What are the requirements for inter-component sharing data from RSA Web Threat Detection?
2 years ago
Originally Published: 2017-05-08
Article Number
000067718
Applies To
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1, 6.x
 
Issue
A Customer may have questions on how to share or move data across different file shares in the OS filesystem.  They also may ask why they cannot see certain data in the Forensics User Interface, after making a change to WTD.  For example, putting a component on a new server. 


Example Customer Question --
We moved the mitigator to a separate server. Since then, the reporting graph is not working and hourly alerts are not displayed on the Alerts tab within the UI. We are sharing the directories /silvertail/data/shared/eds, edsserver and alerts as well as the mitigator.rules across both servers (mitigator and analytical servers). Are we missing something that needs to be shared as this issue appeared when we moved the mitigator to a separate server? 
Resolution
For sharing files across WTD components that may be on other servers.

Share the  var/opt/silvertail/data directory and subdirectories including 
/data/alerts
/data/edsserver
/data/logs
/data/reports
/data/tasks

The requirements for an external directory, no matter what the hardware or infrastructure technology(e.g., NAS, FiberOptic,etc.) is that this directory must appear as a normal directory when doing a directory listing command in RHEL or CentOS Linux.  You cannot use a symlink to point to one of the above locations.
 

Related Articles

Trending Articles

Don't see what you're looking for?