This checklist describes tasks to be performed daily and weekly for maintaining the health of your Security Analytics systems.
It is important to perform daily maintenance checks on the Security Analytics Server (also known as the SA Head Unit) to keep it running smoothly. This checklist describes which items to check on a regular basis.
The primary audience for this guide is members of the Administration team who are responsible for maintaining Security Analytics.
|Security Analytics contains a robust Health and Wellness component. It is an excellent early warning system |
and alert system for any issues that your deployment of
Security Analytics may face. To learn more about
health and wellness, read the Health and Wellness topic
in the System Maintenance Guide in RSA Link
It is a best practice to monitor service and systems logs for
Security Analytics uses an in-memory H2 database. Check the size of the H2 database on a weekly basis. The
|4.||Reporting Engine|| |
Monitor the Reporting Engine to ensure that it does not fill up the /home/rsasoc/ partition. Run a df command to determine if there
Recovery steps: Open a ticket with Customer Support, in
|5.||Malware Colo |
The Malware Analysis colo service may fail if the spectrum.h2.db database size is over 10 GB. Avoid running the Malware Analysis colo service for continuous scans and check the size of the database frequently. This service is located on all Security Analytics servers. Do not confuse it with the stand-alone Malware Analysis appliance or virtual machine. If the service fails due to unavailable disk space, follow these steps to resolve the failure:
|6.||RabbitMQ Server|| |
The Security Analytics server uses the RabbitMQ service for features such as federation, Health and Wellness,
Recovery Steps: If RabbitMQ is down, follow these steps:
Contact Customer Care
Use the following contact information if you have any questions or need assistance.
|Contact RSA Support:||https://community.rsa.com/docs/DOC-1294|
|Support Plans and Options:||https://community.rsa.com/docs/DOC-40401|
Preparing to Contact Customer Care
When you contact Customer Care, you should be at your computer. Be prepared to give the following information:
- The version number of the RSA Security Analytics product or application you are using.
- The type of hardware you are using.
|.00||10-20-16||Initial draft||Information Design and Development|
|.01||10-28-16||Second draft||Information Design and Development|
|.02||11-04-16||Third draft||Information Design and Development|
|.03||11-21-16||Final draft||Information Design and Development|