.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Error when trying to add Incident Management as a data-source to Context Hub in RSA NetWitness Logs and Packets
Issue
When trying to add IM as a data-source to the Context Hub, an error like the following is received:
"
Error: A service already exists on port 27017"
Cause
The issue can occur if IM was added as a datasource in earlier versions of SA with incomplete information (i.e. IM Password not typed) and no longer shows up on the Data Sources tab but still exists in the Context Hub catalogConfiguration.cfg file.
Resolution
SSH into the ESA appliance and perform the following steps to reset the Context Hub configuration:1. Stop the rsa-context service:
service rsa-context stop
2. Rename catalogConfiguration.cfg
cd /opt/rsa/context/conf/
mv catalogConfiguration.cfg catalogConfiguration.cfg.bkp
3. Start the rsa-context service:
mv catalogConfiguration.cfg catalogConfiguration.cfg.bkp
service rsa-context start
4. Make sure you are able to login to context-hub mongo database as follows:
[root@esa bin]# mongo context-wds -u context -p context
TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: context-wds
TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: context-wds
At this point you should now be able to add Incident Management as a Data Source to the Context Hub
Product Details
NetWitness Product Set: NetWitness PlatformNetWitness Product/Service Type: All Nodes
NetWitness Version/Condition: 12.x
Platform: CentOS/Alma Linux
Approval Reviewer Queue
Technical approval queue