000016426 - Corrupt Avro files are being stored on the RSA Security Analytics Warehouse (SAW) by the Warehouse Connector

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016426
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Warehouse (SAW), Warehouse Connector, Reporting Engine
RSA Version/Condition: 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4
Platform: CentOS
O/S Version: EL5, EL6
IssueCorrupt Avro files are being stored on the RSA Security Analytics Warehouse (SAW) by the warehouse connector.
RSA Security Analytics reports fail due to corrupt Avro files on the SAW.
Third-party Avro scanning tools can be used to identify and remove the corrupted files, but this creates gaps in the data.
Resolution

A hotfix for the Warehouse Connector has been created for RSA Security Analytics 10.3 SP3 that provides an automated integrity check on Avro files before they are pushed to the SAW nodes.


If you are experiencing this issue and wish to apply the hotfix, contact RSA Support and quote this article number for further assistance and to obtain the update package.


 


This new checksum validation feature has also been implemented in RSA Security Analytics 10.3.5 and 10.4.1.

Legacy Article IDa67554

Attachments

    Outcomes