Article Content
Article Number | 000038138 |
Applies To | RSA Product Set: NetWitness Platform RSA Product/Service Type: ESA host/ESA Correlation service RSA Version/Condition: 11.3.x |
Issue | In RSA NetWitness Platform 11.3.x, it is slightly more difficult to enable custom Esper Java libraries for those customers who have built their own EPL extensions in Java. For those customers, upgrading to 11.3.x can create an issue with their alerts that previously used their custom EPL extensions. Without the extended rules (Esper + Java Libraries), customers do not have full visibility of some pattern detection which increases noise for their Analysts, decreasing their productivity. |
Workaround | The known fix for this issue is as follows:
JAVA_OPTS="XX:+UseG1GC -Djava.security.egd=file:/dev/./urandom ${JAVA_MAX_HEAP_GB:-Xmx164G} -Dloader.path=/opt/rsa/lib/myjar/ -javaagent:/var/lib/netwitness/esper-enterprise/esperee-utilagent-8.2.0.jar"
file:/opt/rsa/lib/esper-config.xml
systemctl restart rsa-nw-correlation-server |
Notes | For the RSA NetWitness 11.4 version of this article, see 000038371 - Cannot access custom Esper Java libraries in RSA NetWitness Platform 11.4 |