|Applies To||RSA Product Set: Security Analytics, NetWitness Logs & Packets|
RSA Product/Service Type: Broker, User Interface, Malware Analysis
O/S Version: EL6
|Issue||After upgrading to RSA Security Analytics 10.6.4.0 the following may be seen:|
|Cause||The cause of this issue is a fault found within the nwbroker service.|
The nwbroker service can be found on the following appliances:
|Resolution||To Determine if Patch is Required|
To determine if the Broker patch is required for your environment follow these steps:
1. SSH into any appliance that is running the Broker service (UI, independent Broker, or Malware)
ssh root@<ip address>
2. Check the RPM system to determine if the bugged nwbroker package is currently installed.
rpm -qa | grep -i nwbroker
3. If the output matches nwbroker-10.6.4.0-7147.5.dbf44c6.el6.x86_64.rpm, follow the below instructions to apply the patch.
4. If the version returned is newer than the version mentioned above, no patch is required.
To Apply The Patch
To fix this issue will require downloading a hot fix version of the nwbroker package.
Note: This package is required if you upgraded to 10.6.4.0 before August 17th 2017.
This package can be found on RSA Link on the RSA Security Analytics 10.6.4.0 Downloads page.
Follow these steps to apply the new Broker rpm package.
1. Download the package from the RSA Security Analytics 10.6.4.0 Downloads page on RSA Link.
2. Upload the RPM via secure copy protocol to all appliances that contain a Broker service (UI server, standard Broker server, & Malware Analysis server).
3. Stop the nwbroker service on the server. Wait to see the stop/waiting message before continuing.
4. Backup the current NwBroker startup file to a safe location. In this example it is being backed up to the /root folder.
cp /usr/sbin/NwBroker /root/NwBroker.backsup
5. Install the new nwbroker RPM package on the server. Make sure you are in the location where you have the new nwbroker RPM saved on the server.
rpm -Fvh nwbroker-10.6.4.1-7152.4.5f4d879.el6.x86_64.rpm
6. Start the nwbroker service and confirm functional status within the UI.
7. If there are any errors or issues, please contact RSA Customer Support for further assistance.