.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Initialization error on RSA NetWitness Concentrator
Issue
Concentrator aggregation stops due to an Initialization error. Below error appears in /var/log/messages.
Module concentrator failed to load: Diagnostic information: Throw in function nw::LanguageTokenPtr nw::Language::addToken(const nw::LanguageKey&, NwVariantFormat, const string&, nw::LanguageToken::TokenLevel, nw::uint32, nw::uint32, nw::uint32, nw::uint32, nw::uint32, nw::LanguageToken::NGram, double)
Dynamic exception type: boost::exception_detail::clone_impl<nw::LogicError>
std::exception::what: Language key Function conflicts with function, cannot add two keys with the same case insensitive names
[boost::errinfo_at_line_*] = 152
Dynamic exception type: boost::exception_detail::clone_impl<nw::LogicError>
std::exception::what: Language key Function conflicts with function, cannot add two keys with the same case insensitive names
[boost::errinfo_at_line_*] = 152
Cause
The index-concentrator.xml and index-concentrator-custom.xml contain the same Function meta key with insensitive names.For example,
GOOD: index-concentrator.xml
<key description="Function" name="
function" format="Text" level="IndexValues" valueMax="100"/>
WRONG: index-concentrator-custom.xml
<key description="Function" level="IndexValues" name="
Function" format="Text" valueMax="100000" defaultAction="Open"/>
Resolution
Change the name for the meta key Function in case sensitive from /etc/netwitness/ng/index-concentrator-custom.xmlFROM:
<key description="Function" level="IndexValues" name="
Function" format="Text" valueMax="100000" defaultAction="Open"/>
TO:
<key description="Function" level="IndexValues" name="
function" format="Text" valueMax="100000" defaultAction="Open"/>
Product Details
RSA Product Set: RSA NetWitness PlatformRSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue