|Applies To||RSA Product Set: Security Analytics|
RSA Security Analytics 10.x
RSA Security Analytics Server 10.x
RSA Security Analytics Reporting Engine 10.x
RSA Security Analytics Decoder 10.x
RSA Security Analytics Log Decoder 10.x
RSA Security Analytics Concentrator 10.x
RSA Security Analytics Hybrid 10.x
|Issue||The error message "Unable to fetch schema from the data source" is seen in the RSA Security Analytics Reporting Engine after replacing a core appliance.|
After replacing an RSA Security Analytics Hybrid appliance, the following error messages are seen from within the Reporting Engine:
The following error message is found in the /var/lib/netwitness/uax/logs/sa.log file: Unable to fetch schema from the datastore
An error message similar to the following is found in the /var/lib/netwitness/uax/logs/sa.log
NOTE: In the example output above, the IP address referenced in the URL is the old IP address of the hybrid appliance. A 401 code is a standard HTTP error code for "not found". Therefore, the message is stating that there is no response to an HTTP GET request on the IP address 192.168.13.196 on port 50106.
|Cause||This error message can appear under several other circumstances, such as when a device's IP address changes, when a firewall is blocking communication, or due to other general network failures. The nature of the error itself is typically physical and simply indicates that the Reporting Engine cannot connect to the device as it is currently referenced by the IP address and port specified in the URL. In the example above, that would be 192.168.131.196 over port 50106. In this particular instance, the hybrid IP address was changed to 192.168.131.199 when the new unit was brought online. The broker picks up the IP address of the device exactly how it is configured. There is no way to "change" the IP address once it's added as a Data Source, but it can be remedied quite easily by deleting and re-adding the device as a Data Source.|
To remove and re-add a device as a Data Source in the Reporting Engine, follow the steps below.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
|Workaround||The IP address of the hybrid appliance has recently been changed, which may or may not be due to a unit replacement.|
|Legacy Article ID||a66156|