000030513 - Exporting logs from the Event Reconstruction window fails for Workbench collections in RSA Security Analytics 10.5.0.0

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030513
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Archiver, Workbench
RSA Version/Condition: 10.5.0.0
Platform: CentOS
O/S Version: EL6
IssueAttempting to export logs for a Workbench collection from the Event Reconstruction window fails with the error message below.
Error retrieving logs from service: TransportException: Message packets was not recognized by /sdk

The error message is seen in the Profile -> Jobs view in the Security Analytics UI, as shown below.
User-added image
ResolutionThis issue will be permanently resolved in the Security Analytics 10.5.0.1 release.
WorkaroundIn order to export logs from a Workbench collection in Security Analytics 10.5.0.0, export the logs from the Events page rather than opening the Event Reconstruction window.
Follow the steps below to export logs from the Events page.
  1. On the Events page, select the event(s) from the Workbench collection from which logs need to be exported.
  2. Click on the Actions button, and select Export -> Export Logs.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.

Attachments

    Outcomes