|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: SA Core Appliance, SA Log Collector
RSA Version/Condition: 10.4.X, 10.5.X, 10.6.X
|Issue||During File collection event source integration, Cache key to connect event source with STIG Collector gives errors as below.|
|Cause||This is error is due to "sftp" user password expired in STIG collector. This can be verified using below.|
May 18 12:11:46 XXX sshd: pam_unix(sshd:account): expired password for user sftp (root enforced)
Please run chage -l sftp command in STIG collector to see password status for "sftp" user.
|Resolution|| As per STIG compliance, all user passwords need to be renewed for every 60 days. During File collection integration, make sure "sftp" user password not expired. If "sftp" user password need to be changed, Please use below steps.|
1. Login STIG collector ssh as administrator.
2. Run passwd sftp to change password.
Note: Please use http://sadocs.emc.com/0_en-us/089_105InfCtr/215_SysAdm/ConfigurSTIG/00_Intro document for STIG compliant password.
3. Please try Cache key step in Event source with psftp -i private.ppk -l sftp -v <Collector IP>