|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.3.x
O/S Version: EL6
|Issue||The ESA service keeps crashing. To verify the cause, SSH to the ESA server first and verify by executing the following:|
|Cause||The ESA service will fail to start if the license trusted storage files become corrupt.|
|Resolution||This has been determined to be a stability issue by RSA engineering.|
While it has only been observed on 10.3.x, this may occur on later releases up to version 10.5 where the licencing model has been reworked to prevent trust store issues from affecting service status.
Should this issue be seen, recreate the trusted storage on the ESA server as listed in the workaround section of this article.
|Workaround||SSH to the ESA server, and run the commands below to recreate the trust storage.|
Note that since the trustedStorage file contains bits that include actual licensing information, the service will no longer be licensed in the Security Analytics UI.
Re-license the ESA server on the SA server by navigating in the Security Analytics UI to the Administration -> Devices page.