000032519 - Error "[warning] User admin has a mismatch for query.timeout in local account and trusted credentials." in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032519
Applies ToRSA Product Set: RSA Security Analytics
RSA Product/Service Type: Core ApplianceSecurity Analytics UI
IssueThe following error message appears in /var/log/messages of any Security Analytics core appliance:
Feb  3 08:42:07 broker nw[16885]: [Security] [warning] User admin has a mismatch for query.timeout in local account and trusted credentials.  Using supplied value 60.
Feb  3 08:42:07 broker nw[16885]: [Engine] [audit] User admin (session 2813678, 148.86.184.216:45324) has logged in
CauseThis error appears when you have defined user admin to have a query timeout that is different from the timeout set on the devices on themselves for the admin account.
ResolutionThese errors can be ignored as it occurs due to the difference in the timeout set for the user and the device.
The timeout can be changed based on the requirement.
Follow the steps below to find out timeout set for users.
Security Analytics 10.4.x
  1. In the Security Analytics menu select Administration > System > Security.
  2. Select the user and click the Edit icon from the action bar.
  3. Select the Attributes tab and Check the SA Core Query Level option.
Security Analytics 10.5.x
  1. In the Security Analytics menu select Administration > Security.
  2. Select the user and click the Edit icon from the action bar.
  3. Select the Attributes tab and Check the SA Core Query Level option.
The default values for the following query levels are shown below.
  • 1 = 60 minutes (query.level.1.minutes)
  • 2 = 40 minutes (query.level.2.minutes)
  • 3 = 20 minutes (query.level.3.minutes)
To find out the timeout set for each device:
  1. In the Security Analytics menu select Administration > Services > Security view of the service.
  2. Select the admin user from the Users tab.
  3. Check the SA Core Query Timeout option.

Attachments

    Outcomes