|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: SA Reporting Engine
RSA Version/Condition: 10.4.1 and higher
|Issue||The reporting engine is failing to run additional reports. When looking at the reporting engine in the UI the following screen is displayed, with the message Add a Reporting Engine to the Reporter:|
|Cause||When the reporting engine stops in such a manner, run the following: |
The following error will appear;
2015-11-18 05:54:58,295 [main] ERROR com.rsa.soc.re.utils.DiskSpaceMonitorUtil - CRITICAL : Available Disk Space is critically low:
Running df -h confirms 100% usage for /home/rsasoc directory:
Then verify the directories where consumption is the highest in /home/rsasoc using following command that shows the formattedReports directory as consuming the excessive space:
du -xh /home/rsasoc/>filespace.txt
|Resolution|| Since formattedReports directory is consuming more space, move old reports to a new location, such as /tmp/oldreports, or simply remove the old reports:|
1. SSH to the Security Analytics server using the root credentials.
2. Stop the Reporting Engine service:
3. Choose one of the following methods, either move or remove:
a. To move a subset of reports to save for the month of August (Note: This command moves all reports from August 2015 to /tmp/oldreports. Before running the command, ensure there is enough disk space to accommodate the moved reports):
b. To remove a subset of reports for the month of August 2015:
4. Verify /home/rsasoc has some space available using the df -h command and run start rsasoc_re.
5. Login to the Security AnalyticsGUI and access the Reporting Engine service, which should be available once disk space is available.
IMPORTANT: To prevent this from occurring again, reduce the number of days set to retain reports. For example, change the default value for the number of days to retain reports from 100 to a lower value, such as 30 or 50 for the parameter "Retain Report History for #Days" in the UI under Reporting Engine > Config > System Configuration.