Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000030519 - Checkpoint collection not working and reports the error "peer ended the session" in RSA Security Analytics

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000030519
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: SA Security Analytics RSA Version/Condition: 10.5.x, 10.6.0.0 Platform: CentOS O/S Version: EL6
Issue	Checkpoint log collection not working in Security Analytics 10.5. The following event is recorded in the log file: peer ended the session
Resolution	This issue is currently being investigated by the Engineering team in order to resolve it in a future release.
Workaround	To resolve the issue, follow the steps below. Connect to the Log Collector via SSH as the root user. Stop the log collector with stop nwlogcollector Make a backup and then remove the checkpoint position file . The name is dependent on the name of the CheckPoint source. (/var/netwitness/logcollector/runtime/checkpoint/eventsources/checkpoint.CP_Security.xml). If in doubt run ls /var/netwitness/logcollector/runtime/checkpoint/eventsources/*.xml mv /var/netwitness/logcollector/runtime/checkpoint/eventsources/checkpoint.CP_Security.xml /var/netwitness/logcollector/runtime/checkpoint/eventsources/checkpoint.CP_Security.xml.bak Restart the nwlogcollector service to regenerate the file. start nwlogcollector (Optional) Check to see if the Max Idle Time Poll is set to 0. If so, you can set it to 5.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links