|Applies To||RSA Product Set: Security Analytics, NetWitness Logs & Network|
RSA Product/Service Type: Event Stream Analysis (ESA), User Interface
RSA Version/Condition: 10.6.x.x
|Issue||This issue is reported when the Event Stream Analysis interface is changed as required by a customer.|
However, iptables entries are going back to the default interface every time it is restarted or rebooted and puppet agent -t executes and the RSA Event Stream Analysis appliance.
|Cause||A customer was previously using em1 and has now moved the interface to em2, changing the iptables entry (replacing em1 with em2). However, whenever the server is restarted or rebooted and puppet agent -t executes, the iptable entries revert back to using the em1 interface. |
Below is the location of iptables on the RSA Event Stream Analysis Server which shows the interface.
Running ifconfig shows the interface actually being used.
Verify that the connection from the RSA Security Analytics server to the RSA Event Stream Analysis connection is not successful on port 50030 when the iptable service is running. SSH to RSA Security Analytics Server and run the following:
To resolve the issue,