|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics Server, Security Analytics UI, Incident Management (IM), Event Stream Analysis (ESA)
RSA Version/Condition: 10.5.0.0
O/S Version: EL6
|Issue||Customer on SA 10.5.0.0 and above seeing errors on ESA Alerts Summary page on SA UI and tokumx.log file being filed by messages like: |
The tokumx.log file is reporting errors similar to the examples below.
Fri Sep 18 11:06:45.507 [initandlisten] waiting for connections on port 27017
The ESA Alerts Summary page in the Security Analytics UI is also reporting the following error:
not authorized for query on im.system.namespaces
Issuing the command lsof -i:27017 displays a large number of connections as shown below.
mongod 25979 tokumx 829u IPv4 7300117 0t0 TCP RSAAPP2P:27017->puppetmaster.local:36753 (ESTABLISHED)
|Cause||This issue can result from one of the following causes:|
|Workaround||To resolve the issue, log into the Security Analytics UI and reset the username and password for the Incident Management service's MongoDB database following the instructions in the Security Analytics 10.5 User Guide.|
After making the change, the MongoDB and Java will be stable and there will be no more errors in the tokumx.log file or the ESA Alerts Summary Page.