000030591 - Some reporting features stop working properly after upgrading to RSA Security Analytics 10.5

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000030591
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Reporting Engine, Security Analytics UI, Security Analytics Server
RSA Version/Condition: 10.5.x
Platform: CentOS
Platform (Other): Java, Puppet
O/S Version: EL6
Issue: After upgrading to RSA Security Analytics 10.5, some of the reporting features such as rule execution or import fail to work properly.
Attempting to add Reporting Engine data sources may also result in the following error:  Communication error. Unable to process request.
The /home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.log file may also report an error similar to the example below.
2015-05-25 13:09:09,042 [CleanExpiredNwConnectionsJob] ERROR com.rsa.soc.datasource.nextgen.nw.CleanExpiredNwConnectionsJob - java.lang.NullPointerException
Cause: This issue occurs if the Reporting Engine is started with Java 1.7 instead of Java 1.8 after upgrading.
Resolution: In order to resolve the issue, follow the steps below.
  1. Connect to the Security Analytics Server appliance via SSH as the root user.
  2. Using the less command, open the latest reporting-engine.sh* file from the /home/rsasoc/rsa/soc/reporting-engine/logs/ directory.
    • If the Reporting Engine is using Java 1.7, then the following message is displayed: Current java version is java version "1.7.0_75"
    • If the Reporting Engine is already using Java 1.8, then the Current Java version (without any version number) message will be displayed.
        In this case, you do not need to complete step 2.
  3. Make sure that the Java version is updated from version 1.7 to version 1.8.
    • Issue the command ps -ef | grep -i puppet to find out if the execution of the Puppet agent responsible for updating the Java alternatives has completed.
        If the Puppet agent for updating the Java alternatives is in progress, the "puppet agent: applying configuration" process is displayed.
        After the Java version is updated to version 1.8, that process is no longer displayed.
    • After the Puppet agent completes the configuration process, issue the command ls -l /etc/alternatives/java to determine if the Java alternatives have been updated to version 1.8.
    • After the Java version has been updated to 1.8, restart the Reporting Engine via the Security Analytics UI on the Administration -> Services page.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
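
The checks in steps 2 and 3 can be scripted as below. This is an added example, not RSA's code: the function names and the ok / wait / restart / not-updated result words are hypothetical, and it assumes the java binary reports its version in the usual version "1.x.y" form when run with -version.

```shell
#!/bin/sh
# Added example (not RSA's code): the checks from steps 2 and 3 as functions.

# Step 2: Java version recorded in a reporting-engine.sh* log; empty when the
# "Current Java version" line has no version number (already on 1.8).
logged_java_version() {
    sed -n 's/.*Current [Jj]ava version is java version "\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Step 3: true while ps output on stdin shows the Puppet agent still applying
# configuration. [p] keeps this grep from matching its own command line.
puppet_still_applying() {
    grep -i '[p]uppet agent: applying configuration' >/dev/null
}

# Step 3: major.minor version reported by a java binary ("-version" writes to stderr).
java_binary_version() {
    "$1" -version 2>&1 | sed -n 's/.*version "\([0-9]*\.[0-9]*\).*/\1/p' | head -n 1
}

# Prints ok | wait | restart | not-updated.
# $1 = latest reporting-engine.sh* log, $2 = java binary, stdin = ps -ef output.
next_action() {
    case "$(logged_java_version "$1")" in
        1.7*) ;;                       # started with Java 1.7: continue to step 3
        *) echo ok; return 0 ;;        # no 1.7 version logged: nothing to do
    esac
    if puppet_still_applying; then echo wait; return 0; fi
    if [ "$(java_binary_version "${2:-/etc/alternatives/java}")" = "1.8" ]; then
        echo restart                   # restart the Reporting Engine from the UI
    else
        echo not-updated               # Java alternatives are still not on 1.8
    fi
}

# On the appliance (paths from the article):
#   log=$(ls -t /home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.sh* | head -n 1)
#   ps -ef | next_action "$log"
```

A result of wait means the Puppet agent is still applying configuration and the check should be repeated later; restart means the alternatives already point at Java 1.8 and only the Reporting Engine restart remains.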