000017415 - Reporting engine appears down in the RSA Security Analytics UI or is returning no results in Rules

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000017415
Applies ToRSA Security Analytics
RSA Security Analytics Reporting Engine
IssueReporting engine appears down in the RSA Security Analytics UI or is returning no results in Rules.
The Reporting Engine is displayed in red under Administration -> Devices in Security Analytics.
Resolution

Connect to the SA server appliance via SSH and issue the commands below to resolve the issue.  Warning!  These steps will delete the Reporting Engine rules, reports, charts and alerts.  Therefore, a backup should be made via the Security Analytics UI before performing this process.


  1. Stop jettysrv
  2. Stop rsasoc_re
  3. rm -rf /tmp/reporting-engine*
  4. mv /home/rsasoc/rsa/soc/reporting-engine /home/rsasoc/rsa/soc/reporting-engine.old
  5. Start jettysrv

After you have issued the commands above, wait several minutes and then attempt to access the Security Analytics UI login page.  Once you are able to do so, return to the SSH session and issue the two commands below to complete the process.


  1. /opt/rsa/soc/reporting-engine/bin/setup.sh
  2. start rsasoc_re

 


 If you are unsure of any of the steps above or encounter any issues, contact RSA Support and quote this article ID for assistance.

Legacy Article IDa65407

Attachments

    Outcomes