000026843 - How to create a new Log Collector lockbox within RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Sep 23, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026843
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: 6
IssueHow to create a new Log Collector lockbox within RSA Security Analytics.

In some circumstances, it may be necessary to create a new lockbox for the Log Collector in RSA Security Analytics.  An example of this would be when Event Sources cannot be added and the user is getting the error "Can't open lockbox."  To do so, follow the steps below.

(Please note that all stored passwords for the event sources will need to be re-entered after the new lockbox is created.)

  1. Connect to the Log Collector appliance via SSH as the root user.
  2. Change directory to /etc/netwitness/ng/vault/ with the following command:  cd /etc/netwitness/ng/vault
  3. Make a new directory to backup the existing lockbox with the following command:  mkdir old
  4. Move the existing lockbox files to that directory with the following command:  mv -vi lockbox lockbox.FCD lockbox.bak lockbox.bak.FCD old
  5. Log in to the RSA Security Analytics UI and navigate to Administration -> Devices.
  6. Select the Log Collector device and click on View -> Config.
  7. Click on the Settings tab.
  8. Leave the "Old Lockbox Password" field blank and enter a new password in the "New Lockbox Password" field.
  9. Click Apply.


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa65154