This section provides troubleshooting instructions for issues faced when using the Reporting module in NetWitness Suite.
Try the following steps if you face any issues while configuring the Linux SFTP server:
If the Report Output Action for the configured SFTP fails, you must SSH to the SFTP server and try to connect locally to check if SFTP is working fine.
Connect to SFTP server:
- If the Local connection fails, open the file sshd_config> vi /etc/ssh/sshd_config.
Check for the entry in the file:
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
- If this entry does not exist, add the two lines mentioned in Step 3 at the bottom of the file and Save it.
- Restart service from SSH > service sshd restart.
- Retry the SFTP connection now.
- Make sure SFTP port is not blocked by SA server appliance firewall. Update iptables rules to allow sftp port.
Meta Values in Investigation Link Issue
|Issue||When the device information on the datasource is changed, the Investigation link for the meta values of the executed reports is not displayed on the NWDB results page.|
Remove and re-add the datasource to Reporting Engine.
Note: This workaround is not applicable for reports that are already generated.
Internet Explorer 10 Browser Issue
|Issue||When you click the Test Rule multiple times in quick succession, results with large input data may not displayed in Internet Explorer 10.|
If this issue occurs, try one of the following steps:
Dynamic List Editing Issue
|Issue||A dynamic list cannot be added from the Edit option on the 'View All Schedules' page to an existing schedule.|
1. Reports > Select the report >
2. Click the #Schedules for the specific report
3. Select the schedule to be modified from the Report Schedule page
4. Edit the schedule
Deployment Failure Issue
|Issue||Deployment of reports fail, if the dependencies of certain compliance reports in Live are not deployed prior to the reports.|
Retry the deployment. If the problem persists, try to deploy the rule or list dependencies first and then deploy the reports.
Respond Server Issue
|Issue||When the Forward Alerts to Respond option is enabled and RabbitMQ connections to the Respond Server are blocked, some of the Reporting Engine threads may be blocked.|
Disable the Forward Alerts to Respond option until the RabbitMQ broker in the NetWitness Suite server at the Respond has begun and accepts the connections.
|Issue||Post-upgrade from 10.6.x to 11.1, Categories meta for incident collection is not supported.|
When using the Categories meta for incident collection, the results rendered are in an incorrect format. Hence this meta is not supported and you cannot use the categories meta in either select clause or where clause. Also, it is not available in the list of metas for selection in the Rule Builder page.