.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Troubleshoot ESA
Troubleshoot ESATroubleshoot ESA
This section describes common issues that may occur while using ESA, and it suggests common solutions to these problems.
Troubleshoot ESA Correlation ServicesTroubleshoot ESA Correlation Services
Troubleshoot RSA Live Rules for ESATroubleshoot RSA Live Rules for ESA
Troubleshoot ESA RulesTroubleshoot ESA Rules
SMTP Notification Error ExampleSMTP Notification Error Example
The following SMTP notification error example is an excerpt from a correlation-server.log file, which shows an error message for sending notifications with unsupported templates. In this example, there is a rule that is configured with the GeoIP enrichment, which has a hash table as one of its fields (the GeoIPLookup meta). Because the default SMTP template is only designed to deal with metas that are either singular values or arrays that contain only singular values, such as "ip.src":"1.1.1.1" and "action":["fw:inbound-network-traffic"], sending the email notification fails due to the array containing a hash table.
FTL stack trace ("~" means nesting-related):
- Failed at: ${value!""} [in template "smtp.ftl" in macro "value_of" at line 1, column 152]
- Reached through: @value_of metadata[key] [in template "smtp.ftl" at line 85, column 141]
----
...
For "${...}" content: Expected a string or something automatically convertible to string (number, date or boolean), or "template output" , but this has evaluated to an extended_hash (LinkedHashMap wrapped into f.t.DefaultMapAdapter):
==> value!"" [in template "smtp.ftl" at line 1, column 154]