Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000017415 - Reporting Engine appears down in the RSA NetWitness Platform UI or is returning no results in Rules

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support on Sep 26, 2019

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000017415
Applies To	RSA Product Set: NetWitness Logs & Network RSA Product/Service Type: Reporting Engine RSA Version/Condition: 10.6.x, 11.x
Issue	RSA NetWitness Reporting Engine service is down, and cannot be started. In the NetWitness UI for Reports, Mange > Rules is not displaying any rules. Want to reset the Reporting Engine service back to the default initial setup.
Resolution	Warning! These steps will delete all the existing Reporting Engine rules, reports, charts and alerts. It is recommended to export a copy of all Reporting Engine rules, reports, charts, alerts through the NetWitness UI if they are accessible. To reset the Reporting Engine service back to the default initial setup, which deletes all existing rules, reports, charts and alerts. Connect to the NetWitness server appliance which runs the Reporting Engine service via SSH and issue the commands below to resolve the issue. NetWitness 11.x Confirm there is sufficient free disk space on the mount that the /var/netwitness/re-server/rsa/soc/reporting-engine directory belongs in. The below command will show the current disk space usage of the mount, and the disk space used by the current reporting-engine directory. df -hP `findmnt -n -o SOURCE --target /var/netwitness/re-server/rsa/soc/reporting-engine` du -sh /var/netwitness/re-server/rsa/soc/reporting-engine Rename the current reporting-engine directory as a backup. systemctl stop jetty systemctl stop rsasoc_re rm -rf /tmp/reporting-engine* mv /var/netwitness/re-server/rsa/soc/reporting-engine /var/netwitness/re-server/rsa/soc/reporting-engine.old systemctl start jetty After following the above commands, wait 5-10 minutes for the jetty service to fully start, and then attempt to access the NetWitness UI login page. Once you are able to do so, return to the SSH session and issue the below two commands to complete the process. /opt/rsa/soc/reporting-engine/bin/setup.sh systemctl start rsasoc_re NetWitness 10.6.x 2. Confirm there is sufficient free disk space on the mount that the /var/netwitness/re-server/rsa/soc/reporting-engine directory belongs in. The below command will show the current disk space usage of the mount, and the disk space used by the previous reporting-engine.old directory. df -hP `findmnt -n -o SOURCE --target /var/netwitness/re-server/rsa/soc/reporting-engine` du -sh /var/netwitness/re-server/rsa/soc/reporting-engine 3. Rename the current reporting-engine directory as a backup. stop jettysrv stop rsasoc_re rm -rf /tmp/reporting-engine* mv /home/rsasoc/rsa/soc/reporting-engine /home/rsasoc/rsa/soc/reporting-engine.old start jettysrv 4. After following the above commands, wait 5-10 minutes for the jettysrv service to fully start, and then attempt to access the NetWitness UI login page. Once you are able to do so, return to the SSH session and issue the below two commands to complete the process. /opt/rsa/soc/reporting-engine/bin/setup.sh start rsasoc_re If you are unsure of any of the steps above or encounter any issues, contact RSA Support and quote this article ID for assistance.
Legacy Article ID	a65407

Attachments

Outcomes

0 Comments

Recommended Content