000033061 - The /var/lib/netwitness/uax/logs/sa.log file is not logging on the RSA Security Analytics server

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033061
Applies ToRSA Product Set: RSA Security Analytics 
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 10.4.x, 10.5.x
Platform: CentOS
O/S Version: EL6
IssueOn the Security Analytics server, the /var/lib/netwitness/uax/logs/sa.log file is not logging new entries.

There are two possible workarounds to resolve the issue.

Restart the jettysrv service.

  1. Connect to the Security Analytics server via SSH as the root user.
  2. Issue the two commands below.
    CAUTION:  The Security Analytics UI will be temporarily unavailable as the service restarts.
    stop jettysrv
    start jettysrv


Change the system logging settings.

  1. In the Security Analytics UI, navigate to Administration -> System -> System Logging -> Settings.
  2. Change Max # Backup Files from 9 to 10.
    User-added image
If issue persists after performing the workarounds, contact RSA Support and quote this article number for further assistance.