.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
RSA Security Analytics error on Event Source Monitoring Page: Cannot connect to System Monitoring Service
Issue
The Event Source Monitoring tab shows the following error:Cannot connect to System Monitoring Service
Resolution
To resolve this issue, restart the services on SA server in the following order:
stop jettysrv
service rsa-sms stop
service rsa-sms start
start jettysrv
service rsa-sms stop
service rsa-sms start
start jettysrv
If the stopping and starting of services does not resolve the issue, follow the steps below.
NOTE: Using the steps below will clear all the logstats on the LD, and ESM data on SA, so you won't be able to see any old log stats.
- Navigate to Administration > Services > Decoders > System.
- Select Reset Log Stats to clear the logstats on all of the log decoders.
- Stop the collectd service on the SA server:
service collectd stop
- Delete the ESM Aggregator cache from /var/lib/netwitness/collectd/ESMAggregator on the SA server:
rm -rf /var/lib/netwitness/collectd/ESMAggregator
- Start the collectd service on the SA server:
service collectd start
- Restart SMS:
service rsa-sms restart
Product Details
RSA Product Set: RSA Security AnalyticsRSA Product/Service Type: SA Server
RSA Version/Condition: 10.5.x,10.6.x
Platform: CentOS
O/S Version: EL6
Approval Reviewer Queue
Technical approval queue