000030520 - Inaccurate message generated for AWS collection error in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000030520
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector, Security Analytics UI
RSA Version/Condition: 10.5.x, 10.6.0.0
Platform: CentOS
Platform (Other): Amazon Web Services (AWS) CloudTrail
O/S Version: EL6
Issue
When the transform file for an Amazon Web Services (AWS) CloudTrail collection is not present in the required directory (/etc/netwitness/ng/logcollection/content/transform/cmdscript) on the Log Collector, the Security Analytics UI displays the following error message:
Error: could not find supported file type in file /etc/netwitness/ng/logcollection/content/collection/cmdscript/cloudtrail_transform.xml

Resolution
This issue is currently being investigated by the Engineering team in order to resolve it in a future release.
Workaround
To resolve the issue, verify that /etc/netwitness/ng/logcollection/content/transform/cmdscript/cloudtrail_transform.xml is indeed missing.
If it is, deploy the Log Collector content for the AWS collection from the Live -> Search page in the Security Analytics UI.
If the file is present but the error is still being logged, it can be safely ignored.
 
