|Applies To||RSA Security Analytics|
RSA Security Analytics Event Stream Analysis
|Issue||The RSA Security Analytics ESA service is immediately stopping after being started.|
When using the 'Test Connection' button in the 'Add Device' or 'Edit Device' dialog box, the following error is shown: Test Connection Failed
The ESA service is found not to be running using the following command:
Attempting to start the service is successful:
However after 1-2 mins, the following 2 commands indicate that the service is no longer listening on port 50030/TCP as the service has stopped again.
The following message appears in the /opt/rsa/esa/logs/esa.log file:
The issue is due to the fact that the service cannot bind to port 50030 because it believes the address is already in use.
The hostname specified in the loopback address specified in the /etc/hosts file must match the HOSTNAME specified in the /etc/sysconfig/network file, as shown below.
1. Make the hostnames in the /etc/hosts and /etc/sysconfig/network files consistent.
2. Restart the ESA Service.
3. Check ESA service log for the successful bind message:
|Notes||The Event Stream Analysis (ESA) service log is found in the following location: /opt/rsa/esa/logs/esa.log|
|Legacy Article ID||a64779|