The ESA service stops every few minutes and requires a manual restart after upgrading to RSA Security Analytics 10.4
Issue
The ESA service stops every few minutes after an upgrade from a 10.3.x environment to a 10.4.x environment. If you run top on the system, you will see a postmaster job running at 100% CPU for a long period of time before the service eventually crashes.
Cause
The issue occurs because there is a vast number of alerts in the ESA database. These need to be migrated from the old PostgreSQL database to the new MongoDB database. The postmaster job seen in top is the PostgreSQL server process.
Workaround
To resolve the issue, follow the steps below.
- Restart the rsa-esa service by typing service rsa-esa restart on the ESA SSH console.
- Disable the alert migration by going into the Explore view for the ESA service in the Security Analytics UI.
- In the Explore view, navigate to Alert -> Storage -> Migration and change the Migration Complete value to be true.
- Restart the rsa-esa service again.
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.4.x
Platform: CentOS
O/S Version: EL6
Approval Reviewer Queue
ASOC Approval Group