Article Content
Article Number | 000034877 |
Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: SA Core Appliance RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x |
Issue | The admin password has been configured but, these logs are still seen in /var/log/messages:[Login] [audit] Failed login attempt for user 'admin' from 127.0.0.1:49754, invalid password [EventStreamAnalysisIP] = The IP of the ESA device. |
Cause | Changing the admin password can affect the connections of other devices, data sources, and services connected to it. This can also be a symptom of dashboards that fail to properly load because the connection is interrupted or invalid. |
Resolution | Note: If you change the username or password of an admin user that is connected with a data source, you must remove and re-add the Data Source(s). It is a good practice when changing the admin password to:
Reference: https://community.rsa.com/docs/DOC-63642 |