Resolution | Warning! These steps will delete all the existing Reporting Engine rules, reports, charts and alerts. It is recommended to export a copy of all Reporting Engine rules, reports, charts, alerts through the NetWitness UI if they are accessible.
To reset the Reporting Engine service back to the default initial setup, which deletes all existing rules, reports, charts and alerts.
- Connect to the NetWitness server appliance which runs the Reporting Engine service via SSH and issue the commands below to resolve the issue.
NetWitness 11.x - Confirm there is sufficient free disk space on the mount that the /var/netwitness/re-server/rsa/soc/reporting-engine directory belongs in. The below command will show the current disk space usage of the mount, and the disk space used by the current reporting-engine directory.
df -hP `findmnt -n -o SOURCE --target /var/netwitness/re-server/rsa/soc/reporting-engine` du -sh /var/netwitness/re-server/rsa/soc/reporting-engine
- Rename the current reporting-engine directory as a backup.
systemctl stop jetty systemctl stop rsasoc_re rm -rf /tmp/reporting-engine* mv /var/netwitness/re-server/rsa/soc/reporting-engine /var/netwitness/re-server/rsa/soc/reporting-engine.old systemctl start jetty
- After following the above commands, wait 5-10 minutes for the jetty service to fully start, and then attempt to access the NetWitness UI login page. Once you are able to do so, return to the SSH session and issue the below two commands to complete the process.
/opt/rsa/soc/reporting-engine/bin/setup.sh systemctl start rsasoc_re
NetWitness 10.6.x
2. Confirm there is sufficient free disk space on the mount that the /var/netwitness/re-server/rsa/soc/reporting-engine directory belongs in. The below command will show the current disk space usage of the mount, and the disk space used by the previous reporting-engine.old directory.
df -hP `findmnt -n -o SOURCE --target /var/netwitness/re-server/rsa/soc/reporting-engine` du -sh /var/netwitness/re-server/rsa/soc/reporting-engine
3. Rename the current reporting-engine directory as a backup.
stop jettysrv stop rsasoc_re rm -rf /tmp/reporting-engine* mv /home/rsasoc/rsa/soc/reporting-engine /home/rsasoc/rsa/soc/reporting-engine.old start jettysrv
4. After following the above commands, wait 5-10 minutes for the jettysrv service to fully start, and then attempt to access the NetWitness UI login page. Once you are able to do so, return to the SSH session and issue the below two commands to complete the process.
/opt/rsa/soc/reporting-engine/bin/setup.sh start rsasoc_re
If you are unsure of any of the steps above or encounter any issues, contact RSA Support and quote this article ID for assistance. |