000029636 - New rules do not appear in ESA Configuration after trying to add them in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support on Sep 30, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029636
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: EL6
IssueNew rules do not appear in ESA Configuration after trying to add them in RSA Security Analytics.
CauseThere are a few possible reasons for this behavior.
  1. The / (root directory) on the SA server is full.
  2. The MongoDB shows disk space related errors.

There may be occasions where temporary files are placed or generated on the appliance, but not removed. 
This is commonly caused by a large number of nwtech dumps or when service packs or hotfix patches are manually installed but not removed.
Resolution
  1. SSH into the SA server and check the disk usage

    df -h

  2. If high disk usage is noticed from step 1, investigate further to confirm what is filling up the disk usage.  
    You may use commands like the following examples to locate the large files.

    du -sh /root/* |sort -h
    find / -not -path '/proc*' -type f -size +1G

  3. When unneeded files are located, remove them or move them to alternate directories with more space if they need to stay on the system longer.
  4. Restart MongoDB by issuing the following commands.

    service tokumx stop
    service tokumx start

Attachments

    Outcomes