Article Content
Article Number | 000029290 |
Applies To | RSA Product Set: Security Analytics, NetWitness Logs & Network RSA Product/Service Type: Reporting Engine, Concentrator, Broker RSA Version/Condition: 10.x, 11.x Platform: CentOS O/S Version: EL6, EL7 |
Issue | After changing the admin password on any Security Analytics or NetWitness service used as a data source for the Reporting Engine (broker or concentrator), reports fail to complete and instead throw an error similar to the example below in /var/netwitness/re-server/rsa/soc/reporting-engine/logs/reporting-engine.log (NetWitness 11.x) or /home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.log (SA 10.x).
/var/log/messages on the source service show an error like below.
|
Cause | The Reporting Engine validates the reporting source by requiring a username and password. This is by design and for security purposes. This username/password combination is referenced every time a report is run against a specific reporting source. If the password for the device has changed, the reporting source must be removed and re-added, as there is no way to edit the reporting device source after it has been added. |
Resolution | To remove and re-add the data sources in the Reporting Engine, follow the steps below.
|