000029142 - RSA Security Analytics 10.4 investigation shows "Loading Values" message but no results are returned

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 4

Article Content

Article Number: 000029142
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Security Analytics Server
RSA Version/Condition: 10.4.x
Platform: CentOS
O/S Version: EL6
Issue:
The following symptoms are seen:
  • The Investigation screen shows a "Loading Values" message but no results are displayed regardless of the amount of time that has elapsed.
  • The /var/log/messages file on the concentrator shows queries being queued and executed quickly.
  • The physical link layer appears to be slower than normal.
  • The browser is on a different subnet to the SA Server, and there is a proxy between the two devices.
Tasks:
A proxy or other web security device can block the connection to the SA GUI Server.
Although some content is displayed, other content may be blocked.
A direct connection to the SA GUI Server, which bypasses any type of proxy or tunnel, can be used to confirm this issue.

Resolution:
To simulate a direct connection to the SA Server, use PuTTY to SSH to the SA GUI Server and then create a tunnel. This is done as follows.
In this example the IP address of the SA GUI Server is 192.168.123.4.
  1. Create a normal SSH connection in PuTTY to the server and SAVE the connection.
  2. Under SSH Tunnel configure the following. This will tunnel all connections made on the browser computer localhost port 2000 down the tunnel to the SA GUI Server on port 443.
  3. Make sure that you click on Session and then SAVE to save these settings.
  4. Open the connection that you created and log in to the SSH Session as the root user.
  5. Open a browser and type https://localhost:2000
  6. You will now be directed to the Security Analytics GUI. All traffic is being sent encrypted via the SSH Tunnel and so cannot be intercepted by any web proxy or other device. As a result you are testing directly.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
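
A command-line equivalent of the PuTTY tunnel above, with a check that compares each path over the normal route and over the tunnel (an added example, not part of the RSA article). It assumes OpenSSH and curl on the workstation; `SA_COOKIE` and the path arguments are hypothetical inputs supplied by the operator, and the forward's destination is assumed to be the SA GUI Server's own address because the PuTTY settings screenshot is not available.

```shell
#!/bin/sh
# Added example, not from the RSA article. SA_COOKIE and the path arguments
# are assumptions supplied by the operator.
SA_HOST="${SA_HOST:-192.168.123.4}"   # SA GUI Server IP used in the article
LOCAL_PORT=2000                       # local listener from step 2
SA_PORT=443                           # SA GUI HTTPS port from step 2

# -L forwarding spec. Binding to 127.0.0.1 keeps the listener unreachable
# from other machines on the workstation's network.
tunnel_spec() {
    printf '127.0.0.1:%s:%s:%s' "$LOCAL_PORT" "$1" "$SA_PORT"
}

# Open the tunnel in the background; "sleep 300" lets it close by itself.
open_tunnel() {
    ssh -f -o ExitOnForwardFailure=yes -L "$(tunnel_spec "$SA_HOST")" \
        "root@$SA_HOST" sleep 300
}

# HTTP status for a URL, or 000 if the request fails or times out.
# -k: the server certificate will not match "localhost" via the tunnel.
probe() {
    url="$1"; shift
    curl -k -s -o /dev/null -m 20 -w '%{http_code}' \
        ${SA_COOKIE:+-b "$SA_COOKIE"} "$@" "$url" 2>/dev/null || true
}

# Compare the status seen on the normal route with the tunnelled one.
verdict() {
    direct="${1:-000}"; tunnel="${2:-000}"
    if [ "$tunnel" = "000" ]; then echo "tunnel-failed"
    elif [ "$direct" = "$tunnel" ]; then echo "same"
    else echo "proxy-suspect"; fi
}

main() {
    open_tunnel || { echo "could not open tunnel" >&2; return 1; }
    for path in "$@"; do
        d=$(probe "https://$SA_HOST$path")   # honours https_proxy if set
        t=$(probe "https://localhost:$LOCAL_PORT$path" --noproxy localhost)
        printf '%-40s normal=%s tunnel=%s %s\n' "$path" "$d" "$t" "$(verdict "$d" "$t")"
    done
}

# Run only when request paths are given as arguments, e.g. "/".
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Matching status codes do not rule out a proxy altering the response body, so a "same" result still needs the browser test in steps 5 and 6.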
