000030362 - Event Stream Analysis rules are set to a disabled state when the rules fail in RSA Security Analytics 10.4.x

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000030362
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Event Stream Analysis (ESA)
RSA Version/Condition: 10.4.x
Platform: CentOS
O/S Version: EL6
Issue: The Event Stream Analysis synchronization returns a success message but does not display the name of the rule(s) that failed to synchronize. The rule(s) cannot be enabled until this is fixed.
Workaround: To resolve the issue, find the failed rule(s) in the ESA log and fix them.
To view the logs, go to Administration > Services in the Security Analytics UI, click the red Actions button for the ESA service, and click View > Logs.