Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034175 - Error when trying to add Incident Management as a data-source to Context Hub in RSA NetWitness Logs and Packets

Document created by RSA Customer Support

on Oct 11, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034175
Applies To	RSA Product Set: Security Analytics, NetWitness Logs and Packets RSA Product/Service Type: Security Analytics Server, Context Hub, Incident Management RSA Version/Condition: 10.6.x.x and later versions Platform: CentOS
Issue	When trying to add IM as a data-source to the Context Hub, an error like the following is received: "Error: A service already exists on port 27017"
Cause	The issue can occur if IM was added as a datasource in earlier versions of SA with incomplete information (i.e. IM Password not typed) and no longer shows up on the Data Sources tab but still exists in the Context Hub catalogConfiguration.cfg file.
Resolution	SSH into the ESA appliance and perform the following steps to reset the Context Hub configuration: 1. Stop the rsa-context service: service rsa-context stop 2. Rename catalogConfiguration.cfg cd /opt/rsa/context/conf/ mv catalogConfiguration.cfg catalogConfiguration.cfg.bkp 3. Start the rsa-context service: service rsa-context start 4. Make sure you are able to login to context-hub mongo database as follows: [root@esa bin]# mongo context-wds -u context -p context TokuMX mongo shell v1.4.2-mongodb-2.4.10 connecting to: context-wds At this point you should now be able to add Incident Management as a Data Source to the Context Hub

Attachments

Outcomes

0 Comments

Recommended Content