Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000029636 - New rules do not appear in ESA Configuration after trying to add them in RSA Security Analytics

Document created by RSA Customer Support

on Jun 15, 2016•Last modified by RSA Customer Support on Sep 30, 2019

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000029636
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Event Stream Analysis (ESA) RSA Version/Condition: 10.x Platform: CentOS O/S Version: EL6
Issue	New rules do not appear in ESA Configuration after trying to add them in RSA Security Analytics.
Cause	There are a few possible reasons for this behavior. The / (root directory) on the SA server is full. The MongoDB shows disk space related errors. There may be occasions where temporary files are placed or generated on the appliance, but not removed. This is commonly caused by a large number of nwtech dumps or when service packs or hotfix patches are manually installed but not removed.
Resolution	SSH into the SA server and check the disk usage df -h If high disk usage is noticed from step 1, investigate further to confirm what is filling up the disk usage. You may use commands like the following examples to locate the large files. du -sh /root/* \|sort -h find / -not -path '/proc*' -type f -size +1G When unneeded files are located, remove them or move them to alternate directories with more space if they need to stay on the system longer. Restart MongoDB by issuing the following commands. service tokumx stop service tokumx start

Attachments

Outcomes

0 Comments

Recommended Content