|Applies To||RSA Product Set: Security Analytics|
RSA Security Analytics 10.x
RSA Security Analytics Event Stream Analysis 10.x
|Issue||The RSA Security Analytics ESA service is immediately stopping after being started.|
When using the 'Test Connection' button in the 'Add Device' or 'Edit Device' dialog box, the following error is shown: Test Connection Failed
The ESA service is found not to be running using the following command:
Attempting to start the service is successful:
However, after 1-2 mins, the following 2 commands indicate that the service is no longer listening on port 50030/TCP as the service has stopped again.
The following message appears in the /opt/rsa/esa/logs/esa.log file:
The issue is due to the fact that the service cannot bind to port 50030 because it believes the address is already in use.
The hostname specified in the loopback address specified in the /etc/hosts file must match the HOSTNAME specified in the /etc/sysconfig/network file, as shown below.
|Notes||The Event Stream Analysis (ESA) service log is found in the following location: /opt/rsa/esa/logs/esa.log|
|Legacy Article ID||a64779|