.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
What to consider on NetWitness when the admin password for the core appliance or service has been changed.
Issue
The admin password has been configured but, these logs are still seen in /var/log/messages:
[Login] [audit] Failed login attempt for user 'admin' from 127.0.0.1:49754, invalid password
[Login] [audit] Failed login attempt for user 'admin' from [EventStreamAnalysisIP]:49754, invalid password
[Login] [audit] Failed login attempt for user 'admin' from [EventStreamAnalysisIP]:49754, invalid password
[EventStreamAnalysisIP] = The IP of the ESA device.
Cause
Changing the admin password can affect the connections of other devices, data sources, and services connected to it.This can also be a symptom of dashboards that fail to properly load because the connection is interrupted or invalid.
Resolution
Note: If you change the username or password of an admin user that is connected with a data source, you must remove and re-add the Data Source(s).
It is a good practice when changing the admin password to:
- Check the log, test the connections, and data sources after changing the admin password.
- Change the admin password of each service from the default.
- Create a different password for the admin account on each service.
Please consider the following reference before changing an admin password on Netwitness:
Reference: https://community.netwitness.com/s/article/ChangetheDefaultAdminPasswords
Product Details
RSA Product Set: NetWitness PlatformRSA Product/Service Type: NetWitness Core Appliance
RSA Version/Condition: 11.x , 12.x
Summary
What do I need to know before changing the admin password?
Approval Reviewer Queue
Technical approval queue