|Applies To||RSA Product Set: Web Threat Detection|
RSA Product/Service Type: Forensics
RSA Version/Condition: 5.1
|Issue||Forensics UI is not displaying hourly 'blue bars' . |
|Resolution||To determine the cause of issues with WTD when blue bars are not showing that the hourly processing is working (and general practice for many issues in WTD)|
1. Determine if there were any changes in WTD configuration, or networking or OS environment.
2. Go to the VARZ grapher and look at the message flow across the components from
Silvertap to Front Plex to SilverSurfer to Back Plex to Mitigator to Alert plex to Alert Server and Organizer
A. Go to /var/log/messages and look for error and var/log/silvertail/ for component log
B. Look at top -H in the console for WTD processes that are consuming large memory and cpu cycles.
C. Consider a restart if there are no errors seen above.
5. Observe results of a restart of services, or if issues are persisting contact Customer Support for further assistance.
6. Go to var/opt/silvertail/data/tasks and /indexer folders and make sure the completed folders of each are empty.
Note: If still having an issue consider contacting Customer Support for further assistance.
|Notes||It is difficult to provide a complete troubleshooting flow, but the steps included in this article can be used by Customer Support Engineers and our Customers to initiate steps towards a cause and resolution.|