000030243 - Security Analytics 10.4.1 appliances shows blank fields under the Appliances page.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030243
Applies ToSecurity Analytics 10.4.1.
IssueAfter upgrading to 10.4.1, some or all appliances show blank fields under Administration->Appliances page.
The TokuMX database shows less number of nodes (i.e. appliances) than expected. (From the SA server, run 'mongo puppet' and then 'db.nodes.find()').
 
CauseWith the SA 10.4.1 upgrade process, there are two components that set the TokuMX database path during RPM installation and depending on the order of RPM installation, the TokuMX configuration file (/etc/tokumx.conf) may reference to a empty (or near empty) database hence causing this problem.
Resolution

The issue is resolved in the following builds but if the SA server has already been upgraded using an earlier 10.4.1 version, then please follow the below steps to resolve the issue.
rsa-puppet-libs-10.4.1.0.2612-5.el6.noarch.rpm
security-analytics-web-server-10.4.1.0.16140-5.noarch.rpm
1. Log on to the SA Server as root.
2. Identify the correct database path.
ll /opt/rsa/database/tokumx/puppet*
ll /var/netwitness/database/tokumx/puppet*
The command with the right path should return several puppet_*.tokumx files as shown below. The other command may also return some results but the files will be smaller.
-rwxr-xr-x. 1 tokumx tokumx 32768 May  6 08:01 //opt/rsa/database/tokumx/puppet_nodes_id__36_5_19.tokumx
-rwxr-xr-x. 1 tokumx tokumx 40960 May  6 01:43 //opt/rsa/database/tokumx/puppet_nodes_node_1_36_9_19_B_0.tokumx
-rwxr-xr-x. 1 tokumx tokumx 32768 Oct 29  2014 //opt/rsa/database/tokumx/puppet_ns_36_4_19.tokumx
-rwxr-xr-x. 1 tokumx tokumx 32768 Oct 29  2014 //opt/rsa/database/tokumx/puppet_system_indexes__36_7_19.tokumx
-rwxr-xr-x. 1 tokumx tokumx 32768 Oct 29  2014 //opt/rsa/database/tokumx/puppet_system_namespaces__36_6_19.tokumx


In this solution, /var/netwitness/database/tokumx is used as the correct path.
3. Confirm the current dbpath in /etc/tokumx.conf file references the invalid path.
cat /etc/tokumx.conf | grep dbpath
dbpath = /var/netwitness/database/tokumx
Note: if the dbpath correctly points to the correct path, please contact RSA Support for further assistance.
4.Stop the SA and TokuMX services.
stop jettysrv
service tokumx stop
5. Modify /etc/tokumx.conf to update the dbpath.
cp /etc/tokumx.conf /etc/tokumx.conf.<todays_date>
vi /etc/tokumx.conf
Comment out the invalid path and add the valid path.
#dbpath = /var/netwitness/database/tokumx
dbpath = /opt/rsa/database/tokumx
Save the file and exit the text editor.
6. Start the SA and TokuMX services.
start jettysrv
service tokumx start
7. Confirm all nodes are available from the current database.
mongo puppet
> db.nodes.find()
8. Log in to SA UI and confirm the status of the appliances under Administration->Appliances page.

Attachments

    Outcomes