000029879 - Parser error "version (10.3) does not match system version (10.4)" after upgrading to RSA Security Analytics 10.4.x

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000029879
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Packet Decoder
RSA Version/Condition: 10.4.x
Platform: CentOS
O/S Version: EL6
 
Issue: After upgrading to SA 10.4.x from release 10.3 or lower, the following error messages may be observed in the /var/log/messages file:
Feb 19 15:21:32 sahost nw[2010]: [Parse] [warning] Parser BITTORRENT version (10.3) does not match system version (10.4)
Feb 19 15:21:32 sahost nw[2010]: [Parse] [warning] Parser FIX version (10.3) does not match system version (10.4)
Feb 19 15:21:32 sahost nw[2010]: [Parse] [warning] Parser GNUTELLA version (10.3) does not match system version (10.4)


 
Cause: These parsers are included in the file NwFlex.parser. The file is not included in the 10.4 release, but is in previous releases. The upgrade process neglects to remove the file.
 
Resolution: To prevent the system from generating these errors, delete the file "NwFlex.parser" from /etc/netwitness/ng/parsers on the appliance.
Then execute a parser reload in the SA UI using an administrative account:
Click on the packet decoder device under "services", then select the gear icon to the far right, then click Explore->Decoder->Parsers
Right click, and select Properties
Select reload from the drop down list, then click on Send
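
To confirm which parsers are affected and whether the leftover file is still present, before and after the steps above, the following added example (not RSA code) summarises the warnings and checks the parsers directory. The function names are hypothetical; the paths and the log format are the ones shown in this article, and the last two sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not RSA code. Function names are hypothetical; the paths and
# the warning format are the ones shown in the article.

# Print "PARSER parser_version system_version", once per mismatched parser.
# $1 = log file (on the appliance: /var/log/messages)
mismatched_parsers() {
    sed -n 's/.*\[Parse\] \[warning\] Parser \([^ ]*\) version (\([^)]*\)) does not match system version (\([^)]*\)).*/\1 \2 \3/p' "$1" |
        LC_ALL=C sort -u
}

# Succeed if the leftover file is still in the parsers directory.
# $1 = parsers directory (on the appliance: /etc/netwitness/ng/parsers)
stale_file_present() {
    [ -f "$1/NwFlex.parser" ]
}

# One-line status. $1 = log file, $2 = parsers directory
report() {
    n=$(mismatched_parsers "$1" | wc -l | tr -d ' ')
    if stale_file_present "$2"; then
        echo "ACTION: NwFlex.parser present, $n mismatched parser(s) logged"
    elif [ "$n" -gt 0 ]; then
        # The log keeps history, so these may predate the delete and reload.
        echo "CHECK: NwFlex.parser absent, $n mismatched parser(s) in log history"
    else
        echo "OK: NwFlex.parser absent, no mismatch warnings"
    fi
}

# Demo on sample input: lines 1-3 are the article's, lines 4-5 are constructed.
demo=$(mktemp -d)
cat > "$demo/messages" <<'EOF'
Feb 19 15:21:32 sahost nw[2010]: [Parse] [warning] Parser BITTORRENT version (10.3) does not match system version (10.4)
Feb 19 15:21:32 sahost nw[2010]: [Parse] [warning] Parser FIX version (10.3) does not match system version (10.4)
Feb 19 15:21:32 sahost nw[2010]: [Parse] [warning] Parser GNUTELLA version (10.3) does not match system version (10.4)
Feb 19 15:26:32 sahost nw[2010]: [Parse] [warning] Parser FIX version (10.3) does not match system version (10.4)
Feb 19 15:27:01 sahost crond[3021]: (root) CMD (run-parts /etc/cron.hourly)
EOF
mkdir "$demo/parsers"
: > "$demo/parsers/NwFlex.parser"
mismatched_parsers "$demo/messages"
report "$demo/messages" "$demo/parsers"
rm -rf "$demo"
```

On the appliance, call `report /var/log/messages /etc/netwitness/ng/parsers`; a CHECK result after the reload means the only matches are older entries still in the log.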
