000034175 - Error when trying to add Incident Management as a data-source to Context Hub in RSA NetWitness Logs and Packets

Document created by RSA Customer Support Employee on Oct 11, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000034175
Applies ToRSA Product Set: Security Analytics, NetWitness Logs and Packets
RSA Product/Service Type: Security Analytics Server, Context Hub, Incident Management
RSA Version/Condition: 10.6.x.x and later versions
Platform: CentOS
 
IssueWhen trying to add IM as a data-source to the Context Hub, an error like the following is received:
"Error: A service already exists on port 27017"


 
CauseThe issue can occur if IM was added as a datasource in earlier versions of SA with incomplete information (i.e. IM Password not typed) and no longer shows up on the Data Sources tab but still exists in the Context Hub catalogConfiguration.cfg file.
ResolutionSSH into the ESA appliance and perform the following steps to reset the Context Hub configuration:
1. Stop the rsa-context service:
service rsa-context stop

2. Rename catalogConfiguration.cfg
cd /opt/rsa/context/conf/
mv catalogConfiguration.cfg catalogConfiguration.cfg.bkp

3. Start the rsa-context service:
service rsa-context start

4. Make sure you are able to login to context-hub mongo database as follows:
[root@esa bin]# mongo context-wds -u context -p context
TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: context-wds

At this point you should now be able to add Incident Management as a Data Source to the Context Hub

 

Attachments

    Outcomes