000032556 - Mongo database connection fails with an error resulting in no new ESA alerts in RSA Security Analytics

Document created by RSA Customer Support Employee on Mar 17, 2018Last modified by RSA Customer Support Employee on Mar 17, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032556
Applies ToRSA Product Set: Security Analytics, NetWitness Logs & Packets
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.5.0.0, 10.6.4
IssueNo new alerts triggered even though the rule matches the meta of the events generated.

Trying to connect to the Mongo DB on the ESA appliance results in the following error:

mongo esa -u esa -p esa

TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: esa
Thu Feb  4 11:11:50.408 Error: couldn't connect to server 127.0.0.1:27017 at /data/package-rpm-el6/build/BUILD/tokumx-enterprise-1.4.2/src/mongo/shell/mongo.js:145

 
The tokumx logs located at /var/logs/tokumx show the error below.

Sun Jan 31 07:16:17.552 [conn1069] warning: No such role, "clusterAdmin", in database esa. No privileges will be acquired from this role
Sun Jan 31 07:25:11.304 [conn1070]  authenticate db: esa { authenticate: 1, user: "esa", nonce: "276dd14d62dfac2f", key: "91f4eb9a3b63ddc2de9242407d3d3a72" }
Sun Jan 31 07:25:11.304 [conn1070] warning: No such role, "clusterAdmin", in database esa. No privileges will be acquired from this role
Sun Jan 31 07:25:11.306 [conn1071]  authenticate db: esa { authenticate: 1, user: "esa", nonce: "ff41294fba08618a", key: "a1d056610259a83a9ac91f9e420241dc" }
Sun Jan 31 07:25:11.306 [conn1071] warning: No such role, "clusterAdmin", in database esa. No privileges will be acquired from this role
ResolutionDelete the mongod.lock file on the ESA appliance under /opt/rsa/database/tokumx directory and restart the tokumx service.

rm mongod.lock
service tokumx restart




 

Attachments

    Outcomes