000030116 - Log collection may fail after the upgrading RSA Security Analytics because the system fingerprint has changed

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030116
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.4.x
Platform: CentOS
O/S Version: EL6
Issue

When upgrading a Log Collector a newer OS kernel may be installed. This is likely to invalidate the lockbox of the Log Collector instances so the collection may be failing.


Errors in the /var/log/messages:


Feb 2 04:23:48 NCORP-VLC-01 nw[2028]: [EncryptionWrapper] [info] key was not found: failed to open lockbox: The lockbox stable value threshold was not met because the system fingerprint has changed. To reset the system fingerprint, open the lockbox using the passphrase.

Feb 2 04:23:48 NCORP-VLC-01 nw[2028]: [EncryptionWrapper] [failure] failed to open lockbox: The lockbox stable value threshold was not met because the system fingerprint has changed. To reset the system fingerprint, open the lockbox using the passphrase.

Cause The system fingerprint change results in the invalidation of the log collector's lockbox.
ResolutionTo resolve the issue please re-enter the lockbox password for "Reset Stable System Value".
For more details, please see the page entitled Reset the Stable System Value in the RSA Security Analytics User Guide.
 

Attachments

    Outcomes