000029636 - New rules do not appear in ESA Configuration after trying to add them in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029636
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition:
Platform: CentOS
O/S Version: EL6
IssueAfter adding rules to ESA, they don't appear in the ESA Configuration.
CauseThere are a few possible reason for this behavior.
1. the / "root directory" on the SA server is full
2. the MongoDB gives space errors.

There may be occasions where temporary files are placed or generated on appliance, but not removed.  
This is commonly caused with a large number of nwtech bundles or when hotfix patches are manually installed but not removed.
Resolution1- Check the disk usage on SA server
# df -h
2- Check what is filling up the disk usage.  Use the find command to check for large files over 1gb by using this syntax
             find / -size +1000000
note the value can be any value of kb.
3- When unneeded files are located, remove them or move them to alternate directories with more space if they need to stay on the system longer.
4-restart MongoDB by:-
# service tokumx stop
# service tokumx start