000032358 - Event Stream Analysis troubleshooting script (ESATool) for RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 30, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5

Article Content

Article Number: 000032358

Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.3, 10.4, 10.5, 10.6
Platform: CentOS
O/S Version: EL6

Issue
ESATool is a bash script designed to ease troubleshooting on the ESA appliance.

Resolution
The tool and a guide on how to use it can be downloaded from the attachments in this article.
To install the tool, download the attached RPM file, copy it to the ESA appliance, and issue the command below.
rpm -i esatool-v.2.1-2.noarch.rpm

For full instructions on using the tool, refer to the ESATool User Guide attached to this article.
Example (This is for upgrading or installing esatool):
[root@rsaesa-001--0 rpms]# rpm -Uvh esatool-v.2.1-2.noarch.rpm
Preparing...                ########################################### [100%]
   1:esatool                ########################################### [100%]
esatool installed, please check: man esatool

Usage:
[root@rsaesa-001--0 ~]# esatool

Notes

Changelog 2.1
  • 10.6.x supported
  • Fixed some code issues
  • You can skip the count when deleting alerts between dates (useful if tokumx is huge)

Changelog 2.1.1
  • Added enforcement of UsingEventTime (ESA > Explore > CEP > Engine > cepEngine) to true in the precheck section

Changelog 2.1.2
  • Fixed code issue in esaclient
  • Added option to skip the precheck
  • Displayed the current version of ESA in the menu
  • Added nextgen section in precheck section
