Applies To | | RSA Product Set: NetWitness Logs & Network, Security Analytics RSA Product/Service Type: Broker, Concentrator, Archiver RSA Version/Condition: 10.6,11.0,11.1, 11.2, 11.3 Platform: CentOS 6, CentOS 7 |
|
Resolution | In rare circumstances, the "Start Aggregation" or the "Stop Aggregation" capability may not respond or may not successfully stop aggregation at an appliance. If this happens, there is a simple alternative way to send the Start/Stop Aggregation command via the Device Explorer view, as shown in the steps below.
- Within Security Analytics (SA) navigate to the Admin -> Services page. Select the appropriate service (Broker, Concentrator, or Archiver) and navigate to the View -> System. Proceed to try to Stop Aggregation.
- Proceed to View -> Logs, and see if Aggregation Threads have completed successfully.
- If aggregation does not respond appropriately, navigate to the Device Explorer view, i.e. View -> Explore
- Right-Click on the '/<ServiceType>' where <ServiceType> is the name of a core service (such as a '/Concentrator') tree, and then select 'Properties'
- Select from the Properties drop-down to send the stop or start commands. Once selected, proceed to issue the Send button to send the command.
- Select to View -> Logs, and confirm that the aggregation threads have completed.
The below is an example of what the explore view looks like for an archiver service.

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance. |