Article Content
Article Number | 000031301 |
Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: Security Analytics Server, Security Analytics UI, Incident Management (IM), Event Stream Analysis (ESA) RSA Version/Condition: 10.5.0.0 Platform: CentOS O/S Version: EL6 |
Issue | Customer on SA 10.5.0.0 and above seeing errors on ESA Alerts Summary page on SA UI and tokumx.log file being filed by messages like: The tokumx.log file is reporting errors similar to the examples below. Fri Sep 18 11:06:45.507 [initandlisten] waiting for connections on port 27017 The ESA Alerts Summary page in the Security Analytics UI is also reporting the following error: not authorized for query on im.system.namespaces Issuing the command lsof -i:27017 displays a large number of connections as shown below. mongod 25979 tokumx 829u IPv4 7300117 0t0 TCP RSAAPP2P:27017->puppetmaster.local:36753 (ESTABLISHED) |
Cause | This issue can result from one of the following causes:
|
Workaround | To resolve the issue, log into the Security Analytics UI and reset the username and password for the Incident Management service's MongoDB database following the instructions in the Security Analytics 10.5 User Guide. After making the change, the MongoDB and Java will be stable and there will be no more errors in the tokumx.log file or the ESA Alerts Summary Page. |