000030355 - Log Collectors in SSL mode are incorrectly configured as Remote Collectors after upgrading to RSA Security Analytics 10.4.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030355
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector, Security Analytics UI
RSA Version/Condition: 10.4.x
Platform: CentOS
O/S Version: EL6
IssueAfter upgrading to RSA Security Analytics 10.4.x from 10.3.x, any Log Collector service that has SSL enabled is incorrectly configured to be a Remote Collector.
Even after editing the service and deselecting the Remote option, the change is not applied.
User-added image
WorkaroundIn order to resolve the issue, the services that used SSL ports prior to upgrading to Security Analytics 10.4.x must be reconfigured by performing the steps below.
  1. In the Security Analytics UI, navigate to the Administration -> Services view.
  2. Select a service that used SSL prior to upgrading to 10.4.x and click on the Edit button.  The Edit Service dialog box will be displayed.
  3. Deselect the SSL and Remote checkboxes.
  4. Select the SSL checkbox again, at which point the port should automatically change.
  5. Remove the value in the Username field.
  6. Click on the Test Connection button.  If the SA Server can connect to the service, the message Test Connection Successful will be displayed.
  7. Click on the Save button to apply the changes.
Repeat the steps above for all Local Collectors that were configured to use SSL before being upgraded to Security Analytics 10.4.x.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.