000017643 - Unable to connect to the Reporting Engine after upgrading to RSA Security Analytics 10.3 SP4 or RSA Security Analytics 10.4.0

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017643
Applies ToRSA Security Analytics
RSA Security Analytics 10.3.4
RSA Security Analytics 10.4.0
RSA Security Analytics Reporting Engine
IssueUnable to connect to the Reporting Engine after upgrading to RSA Security Analytics 10.3 SP4 or RSA Security Analytics 10.4.0.
Attempts to connect to the Reporting Engine via the Security Analytics server IP address fail.
Attempts to connect  to the Reporting Engine via the loopback address 127.0.0.1 fail.
Attempts to connect  to the Reporting Engine via the localhost hostname fail.
CauseThis issue occurs because the Jetty web server has cached the IP address for connecting to the Reporting Engine.
Resolution

To resolve the issue, perform the workaround below:


 


RSA Security Analytics 10.3.4


  1. In the Security Analytics UI, navigate to Administration -> Devices and remove the Reporting Engine.
  2. Issue this command via SSH on the Security Analytics server: stop rsasoc_re
  3. Issue this command via SSH on the Security Analytics server: stop jettysrv
  4. Issue this command via SSH on the Security Analytics server: start jettysrv; tail -f /var/log/messages
  5. Monitor the on-screen output to see when jettysrv comes fully back up. Then attempt to log in via GUI to verify jettysrv is running.
  6. Issue this command via SSH: start rsasoc_re; tail -f /home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.log
  7. Monitor the output to see when the Reporting Engine is fully up.
  8. Add the Reporting engine to the device list in the Security Analytics UI, using the loopback IP address of 127.0.0.1.

 


RSA Security Analytics 10.4.0


  1. In the Security Analytics UI, navigate to Administration -> Services and remove the Reporting Engine service.
  2. Navigate to Administration -> Appliances, select the Security Analytics server appliance, and click on the Edit button.
  3. In the Edit Appliance dialog box, change the Host Name to be 127.0.0.1
  4. Issue this command via SSH on the Security Analytics server: stop rsasoc_re
  5. Issue this command via SSH on the Security Analytics server: stop jettysrv
  6. Issue this command via SSH on the Security Analytics server: stop nwappliance
  7. Issue this command via SSH on the Security Analytics server: start jettysrv; tail -f /var/log/messages
  8. Monitor the on-screen output to see when jettysrv comes fully back up. Then attempt to log in via GUI to verify jettysrv is running.
  9. Issue this command via SSH on the Security Analytics server: start rsasoc_re
  10. Issue this command via SSH on the Security Analytics server: start nwappliance
  11. In the Security Analytics UI, navigate to Administration -> Services and re-add the Reporting Engine service.

 


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa67326

Attachments

    Outcomes