Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034877 - What to consider on RSA NetWitness when the admin password for the RSA core appliance or service has been changed.

Document created by RSA Customer Support

on Mar 16, 2017•Last modified by RSA Customer Support

on Apr 22, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034877
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: SA Core Appliance RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Issue	The admin password has been configured but, these logs are still seen in /var/log/messages: [Login] [audit] Failed login attempt for user 'admin' from 127.0.0.1:49754, invalid password [Login] [audit] Failed login attempt for user 'admin' from [EventStreamAnalysisIP]:49754, invalid password [EventStreamAnalysisIP] = The IP of the ESA device.
Cause	Changing the admin password can affect the connections of other devices, data sources, and services connected to it. This can also be a symptom of dashboards that fail to properly load because the connection is interrupted or invalid.
Resolution	Note: If you change the username or password of an admin user that is connected with a data source, you must remove and re-add the Data Source(s). It is a good practice when changing the admin password to: Check the log, test the connections, and data sources after changing the admin password. Change the admin password of each service from the default. Create a different password for the admin account on each service. Please consider the following reference before changing an admin password on Netwitness: Reference: https://community.rsa.com/docs/DOC-63642

Attachments

Outcomes

0 Comments

Recommended Content