000033061 - The /var/lib/netwitness/uax/logs/sa.log file is not logging on the RSA Security Analytics server

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jul 8, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033061
Applies ToRSA Product Set: RSA NetWitness Logs & Network
RSA Product/Service Type: NetWitness Server
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x, 11.0.x, 11.1.x, 11.2.x
Platform: CentOS
O/S Version: EL6, EL7
IssueOn the Security Analytics server, the /var/lib/netwitness/uax/logs/sa.log file is not logging new entries.

There are two possible workarounds to resolve the issue.

Restart the jettysrv service.

  1. Connect to the Security Analytics server via SSH as the root user.
  2. Issue the two commands below.
    CAUTION:  The Security Analytics UI will be temporarily unavailable as the service restarts.

    For versions 10.x
    stop jettysrv
    start jettysrv

    For versions 11.x
    systemctl stop jettysrv
    systemctl start jettysrv


Change the system logging settings.

  1. In the Security Analytics UI, navigate to Administration -> System -> System Logging -> Settings.
  2. Change Max # Backup Files from 9 to 10.
    User-added image

If the issue persists after performing the workarounds, contact RSA Support and quote this article number for further assistance.