ESA Alerts Summary Page Does Not Show Stats
Originally Published: 2015-01-06
Article Number
Applies To
RSA Product/Service Type: SA Event Stream Analysis
RSA Version/Condition: 10.4.0.2
Platform: CentOS
Platform (Other): null
O/S Version: 6
Product Name: null
Product Description: null
Issue
Cause
Resolution
First, we need to check the size of the ESA alerts database.
# ls -lh /opt/rsa/database/tokumx/esa_alert* If this is over 5 gigs, we need to reduce the size.
Unfortunately, there is no size reduction available in the Mongo database.
We need to re-create the database to accomplish this.
The following steps can be done to accomplish this.
# service rsa-esa stop
delete all unneeded alerts from the database to make the recordset smaller
export the remaining esa alert data using the mongodump command:
Check to see if the dump is created
#ls -ltr /root/db
if you have data in other databases that you need to preserve (im, datascience), repeat the command changing the -d, -c, -u, -p with appropriate values
stop puppet
# service puppet stop
stop tokumx
#service tokumx stop
Backup the old database
# mv /opt/rsa/database /opt/rsa/database.old
Backup the tokumx conf file
#mv /etc/tokumx.conf /etc/tokumx.bak
Move the tokumx orig file to conf file
#mv /etc/tokumx.conf.orig /etc/tokumx
Get the correct version of the rsa-esa rpm
#rpm -qa|grep esa
Uninstall the rpm
#rpm -e rsa-esa-server-10.4.x.x.1421-5.x86_64
Reinstall rsa-esa rpm (it will recreate the databases)
#rpm -ivh rsa-esa-server-10.4.0.0.1421-5.x86_64.rpm
or
#yum install rsa-esa
Import back your alerts.
#mongorestore -vvvv -u esa -p esa -d esa --noLoader /root/db/esa
repeat for other databases if needed
start rsa-esa
# service rsa-esa start
start puppet
# service puppet start
Now, go back to the UI, the alerts should now show.
To prevent the database from getting too large, go to explorer view on ESA box
(Alert / Storage / Maintenance)
Change enable to true
Datbase Disk Usage Limit in MB 3000
This will make ESA roll over after 3 gigs is reached.
Related Articles
Primary does not communicate with replica. Activity monitor does not show messages. Number of Views Import of an AFX connector does not show the display name of the connector in RSA Identity Governance & Lifecycle Number of Views SSL write error error:14095412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate Number of Views Email Phishing Security Incident Alert – November 8, 2024 Number of Views The RSA Identity Governance and Lifecycle view for V_AVR_ACCOUNT_ENTITLEMENTS does not include all expected data in RSA Id… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
