|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: SA Core Appliance
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
|Issue||The admin password has been configured but, these logs are still seen in /var/log/messages:|
[Login] [audit] Failed login attempt for user 'admin' from 127.0.0.1:49754, invalid password
[EventStreamAnalysisIP] = The IP of the ESA device.
|Cause||Changing the admin password can affect the connections of other devices, data sources, and services connected to it.|
This can also be a symptom of dashboards that fail to properly load because the connection is interrupted or invalid.
|Resolution||Note: If you change the username or password of an admin user that is connected with a data source, you must remove and re-add the Data Source(s).|
It is a good practice when changing the admin password to: