Skip to content
  • There are no suggestions because the search field is empty.

Event source monitoring is not working in RSA Security Analytics 10.6.1.0

Issue

Page shows Error:
"Failed to retrieve stats from System Monitoring Service. Check logs for details."



Cause

This can occur only in version 10.6.1.0 on Security Analytics Server due to some internal bugs for the Event Source Monitor Plugin (i.e. ESMAggregator)


Workaround

You can use the following workaround if upgrade is not possible for some reason:

1- Contact RSA Support and quote SACE-6446 and ask to provide the Patch below :

security-analytics-web-server-10.6.1.0-160901101318.1.75846cc.noarch.rpm


2- Once the Patch is obtained and downloaded, copy it to to SA server

3- ssh to SA server

4- Stop puppet service:

     service puppet stop

5- stop System Monitoring Service

    service rsa-sms stop

6- Stop RabbitMq service

  service rabbitmq-server stop

7- shutdown the UI service

  stop jettysrv

8- Remove the current package for the UI

  yum remove security-analytics-web-server

9- cd to where the package is located

10- Install the package just downloaded

  yum install security-analytics-web-server-10.6.1.0-160901101318.1.75846cc.noarch.rpm

11- Start the UI service

  start jettysrv 

12- Start the Puppet Service

  service puppet start

13- Start System Monitoring Service

  service rsa-sms start

Resolution

Upgrade to 10.6.2 ( Currently not available).


Notes

Only apply the above workaround if you are on version 10.6.1.0

Internal Comments

Archive it


Product Details

RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.6.1.0
Product Name: Security Analytics Server

Approval Reviewer Queue

Technical approval queue