|Applies To||RSA Security Analytics|
RSA Security Analytics 10.3 and above
RSA Security Analytics IPDB Extractor
|Issue||Unable to Connect to IPDBExtractor After Upgrading to SA 10.3 (or above)|
After upgrading to RSA Security Analytics 10.3 or above, users are unable to connect to the IPDB Extractor.
Test Connection in the Devices view of the Security Analytics UI fails.
The nwipdbextractor service is started/running but is not listening on the 50125/TCP port.
The /var/log/message file reports errors similar to the following:
There is a slight change of behavior in 10.3 as prior versions did not require the .dir file to exist before listening on 50125/TCP. Starting with SA 10.3, at startup, the IPDBExtractor service looks for the device location file which contains all the configuration details of the IPDB, such as the ESIPDB.dir file.
Also, if only /var/netwitness/ipdbextractor/devicelocation is present, the user must create the subdirectories to that path /var/netwitness/ipdbextractor/devicelocation/global/local/directory and put the .dir file in that location.
Every minute, the IPDB Extractor service looks for this file. Until the user supplies this file, the service will not start listening on 50125/TCP. In summary, the IPDBExtractor service requires both .dir file and that IPDB be mounted using CIFS before it will start cleanly.
|Legacy Article ID||a65310|