
No information logged in spectrum.log of Malware after upgrade from NetWitness Platform 11.2.0.1 to 11.5.2

Issue

The customer upgraded the entire NetWitness system, including Malware, from 11.2.0.1 to 11.5.2 on 3/13.
Since then, no information has been logged in the Malware spectrum.log.

The upgrade was done in the following two stages:
- 11.2.0.1 > 11.3.2.1
- 11.3.2.1 > 11.5.2

The issue appears to have started right after the upgrade to 11.3.2.1.

Cause

A Lucene index write lock could be the cause, because Malware cleans up old Lucene indexes in its post-install script as part of the upgrade process.


Resolution

To resolve the issue, follow the steps below.
  1. Stop Malware Service
    # systemctl stop rsa-nw-malware-analytics-server.service
  2. Back up the existing Malware logs
    # mkdir /var/netwitness/malware-analytics-server/spectrum/logs_old
    # mv /var/netwitness/malware-analytics-server/spectrum/logs/* /var/netwitness/malware-analytics-server/spectrum/logs_old/
  3. Start Malware Service
    # systemctl start rsa-nw-malware-analytics-server.service

After the restart, spectrum.log of Malware starts logging again.
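
The three steps above as one script with a staleness check before and after, given here as an added example that is not RSA's own code. The service name and directories are the ones in this article; the function names, the timestamped backup directory (so a rerun cannot overwrite an earlier backup), the position of spectrum.log directly under logs/, and the 5-minute and 60-second timing values are assumptions.

```shell
#!/bin/sh
# Added example (not RSA's script). Service name and directories are from the
# article; function names, the timestamped backup directory, the location of
# spectrum.log inside logs/ and the timing values are assumptions.
SPECTRUM_DIR="${SPECTRUM_DIR:-/var/netwitness/malware-analytics-server/spectrum}"
SERVICE="rsa-nw-malware-analytics-server.service"

# Succeeds (0) when the file is missing or was last written more than $2 minutes ago.
log_is_stale() {
    [ -f "$1" ] || return 0
    [ -n "$(find "$1" -mmin "+$2")" ]
}

# Step 2: move the contents of <base>/logs into a new timestamped directory
# and print that directory. Unlike a fixed logs_old, a rerun cannot overwrite
# an earlier backup.
backup_logs() {
    [ -d "$1/logs" ] || { echo "no logs directory under $1" >&2; return 1; }
    dest="$1/logs_old_$(date +%Y%m%d-%H%M%S)"
    mkdir "$dest" || return 1
    # find rather than a glob: dotfiles move too, and an empty directory is not an error.
    find "$1/logs" -mindepth 1 -maxdepth 1 -exec mv {} "$dest"/ \; || return 1
    echo "$dest"
}

# Steps 1-3, then confirm that spectrum.log is being written again.
fix_spectrum_logging() {
    log="$SPECTRUM_DIR/logs/spectrum.log"
    log_is_stale "$log" 5 || { echo "spectrum.log is current; nothing to do"; return 0; }
    systemctl stop "$SERVICE" || return 1
    if ! kept=$(backup_logs "$SPECTRUM_DIR"); then
        systemctl start "$SERVICE"; return 1
    fi
    echo "old logs kept in $kept"
    systemctl start "$SERVICE" || return 1
    sleep 60   # give the service time to recreate the log
    if log_is_stale "$log" 5; then
        echo "spectrum.log is still not being written" >&2; return 2
    fi
    echo "spectrum.log is being written again"
}

# Touch the service only when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then fix_spectrum_logging; fi
```

Run it as root with `--apply`; without that argument it only defines the functions and leaves the service alone.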

Product Details

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.5.2.0
Platform: CentOS
O/S Version: 7
