Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000017643 - Unable to connect to the Reporting Engine after upgrading to RSA Security Analytics 10.3 SP4 or RSA Security Analytics 10.4.0

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 22, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000017643
Applies To	RSA Security Analytics RSA Security Analytics 10.3.4 RSA Security Analytics 10.4.0 RSA Security Analytics Reporting Engine
Issue	Unable to connect to the Reporting Engine after upgrading to RSA Security Analytics 10.3 SP4 or RSA Security Analytics 10.4.0. Attempts to connect to the Reporting Engine via the Security Analytics server IP address fail. Attempts to connect to the Reporting Engine via the loopback address 127.0.0.1 fail. Attempts to connect to the Reporting Engine via the localhost hostname fail.
Cause	This issue occurs because the Jetty web server has cached the IP address for connecting to the Reporting Engine.
Resolution	To resolve the issue, perform the workaround below: RSA Security Analytics 10.3.4 In the Security Analytics UI, navigate to Administration -> Devices and remove the Reporting Engine. Issue this command via SSH on the Security Analytics server: stop rsasoc_re Issue this command via SSH on the Security Analytics server: stop jettysrv Issue this command via SSH on the Security Analytics server: start jettysrv; tail -f /var/log/messages Monitor the on-screen output to see when jettysrv comes fully back up. Then attempt to log in via GUI to verify jettysrv is running. Issue this command via SSH: start rsasoc_re; tail -f /home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.log Monitor the output to see when the Reporting Engine is fully up. Add the Reporting engine to the device list in the Security Analytics UI, using the loopback IP address of 127.0.0.1. RSA Security Analytics 10.4.0 In the Security Analytics UI, navigate to Administration -> Services and remove the Reporting Engine service. Navigate to Administration -> Appliances, select the Security Analytics server appliance, and click on the Edit button. In the Edit Appliance dialog box, change the Host Name to be 127.0.0.1. Issue this command via SSH on the Security Analytics server: stop rsasoc_re Issue this command via SSH on the Security Analytics server: stop jettysrv Issue this command via SSH on the Security Analytics server: stop nwappliance Issue this command via SSH on the Security Analytics server: start jettysrv; tail -f /var/log/messages Monitor the on-screen output to see when jettysrv comes fully back up. Then attempt to log in via GUI to verify jettysrv is running. Issue this command via SSH on the Security Analytics server: start rsasoc_re Issue this command via SSH on the Security Analytics server: start nwappliance In the Security Analytics UI, navigate to Administration -> Services and re-add the Reporting Engine service. If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
Legacy Article ID	a67326

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

000030380 - Duplicate services with a localhost address are present in RSA Security Analytics 10.4.x or above