|Applies To||RSA Product Set: NetWitness Platform|
RSA Product/Service Type: Local Log Collector, Remote Log Collector
RSA Version/Condition: 11.X
O/S Version: 7
|Issue||When you try to start File collection method on a Log Collector, it fails and you observe the following error message in the logs:|
|Resolution||This issue is likely due to the immutable attribute being set on the authorized_keys file in /home/upload/.ssh on the Log Collector.|
You can verify this by running the lsattr command. If you see the 'i' flag in the output, it means the immutable attribute has been set:
To resolve this, you will need to remove/unset the attribute using the chattr -i command:
Verify that the flag has indeed been removed:
You should now be able to start the File collection.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.