on Jun 15, 2016Article Content
| Article Number | 000029636 |
| Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: Event Stream Analysis (ESA) RSA Version/Condition: 10.4.0.2 Platform: CentOS O/S Version: EL6 |
| Issue | After adding rules to ESA, they don't appear in the ESA Configuration. |
| Cause | There are a few possible reason for this behavior. 1. the / "root directory" on the SA server is full 2. the MongoDB gives space errors. There may be occasions where temporary files are placed or generated on appliance, but not removed. This is commonly caused with a large number of nwtech bundles or when hotfix patches are manually installed but not removed. |
| Resolution | 1- Check the disk usage on SA server # df -h 2- Check what is filling up the disk usage. Use the find command to check for large files over 1gb by using this syntax find / -size +1000000 note the value can be any value of kb. 3- When unneeded files are located, remove them or move them to alternate directories with more space if they need to stay on the system longer. 4-restart MongoDB by:- # service tokumx stop # service tokumx start |