000017381 - Recurring error message: 'https://<ip>:<port>/sys/stats/current.time' resulted in 401 (Unauthorized); invoking error handler' in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000017381
Applies ToRSA Security Analytics
RSA Security Analytics 10.2
RSA Security Analytics 10.3.0
RSA Security Analytics 10.3.1
RSA Security Analytics 10.3.2
IssueRecurring error message: "https://<ip>:<port>/sys/stats/current.time" resulted in 401 (Unauthorized); invoking error handler" in RSA Security Analytics.

The /var/log/messages file reports an error similar to the following:

yyyy-mm-ddThh:mm:ss","WARN","org.springframework.web.client.RestTemplate","CARLOS NextGen Heartbeat","GET request for "https://xx.xx.xx.xx:501xx/sys/stats/current.time" resulted in 401 (Unauthorized); invoking error handler

CauseThe error occurs when a CARLOS MessagEndpoint is started with invalid credentials.


A workaround to stop the events from continuously logging is to set the logging for the org.springframework.web.client.RestTemplate package to ERROR within the Security Analytics web interface.  This can be done by following the steps below.

  1. From the Unified Dashboard, navigate to Administration -> System.
  2. Click on Logging in the left pane menu.
  3. Click on the Settings tab.
  4. Under Package Configuration, drill down to the following folder:  org -> springframework (WARN) -> web ->client
  5. Click on RestTemplate.
  6. Click on the drop down menu next to Log Level and select ERROR.
  7. Click Apply.

This issue is not applicable in Security Analytics 10.4, and a permanent fix has been included in Security Analytics 10.3 SP3.

Legacy Article IDa64033