|Applies To||RSA Security Analytics|
RSA Security Analytics 10.3.4
RSA Security Analytics Reporting Engine
|Issue||Reporting rules fail with the error "408 Request Timeout" after upgrading to RSA Security Analytics 10.3 SP4.|
The following error is seen in the Security Analytics UI when attempting to run a report:
An error similar to the following is observed in the /var/lib/netwitness/uax/sa.log file while executing the report in the Security Analytics UI, noting that the rsaadmin job id is variable:
|Cause||This issue occurs due to a timeout configuration change that occurred in RSA Security Analytics 10.3.4. Previously at 10.3.3 and below, higher fixed values were assigned to two parameters, NWDBqueryTimeout and SchemaTimeout. The difference in values may cause larger reports to fail.|
A hotfix for this issue has been created for RSA Security Analytics 10.3 SP4 which resolves the issue. Follow the steps below to download and apply the hotfix.
If you are unable to apply the hotfix at this time, you may alternately perform these steps to mitigate the issue:
After performing the steps above, no further errors should occur when executing a query that previously had failed.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
|Notes||Performing these changes will not impact production, nor do the changes require a service or system restart. While a hotfix is also available, applying the higher timeout values manually mitigates the problem in the same fashion as the hotfix does, as the updated rpm also simply increases the values.|
|Legacy Article ID||a67489|