RSA Security Operations Management not aggregating Events properly when using Syslog
Originally Published: 2016-09-07
Article Number
Applies To
RSA Product/Service Type: SecOps
RSA Version/Condition: 1.3
Platform: Windows
Issue
2. Change the Incident Status field value from "New" to any other value (Assigned for example).
3. Save the Incident Record.
4. Notice when additional Security Events and/or Alerts come through, a new Security Incident is not created.
5. Notice that the Security Event is created but is not associated to any Security Alert or Security Incident.
Here is an example of the error reported in the Collector.log file:
14 Mar 2016 15:46:28,909 | ERROR - AbstractStep.execute(225) | Encountered an error executing step sendSylogIncidentToArcher in job pushSyslogEvents com.rsa.connector.framework.components.datastore.archer.exception.ArcherComunicationException: javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> The content XXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. The content XXXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.executeMessage(SyslogIncidentAddedTasklet.java:229) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.parseMessage(SyslogIncidentAddedTasklet.java:157) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.execute(SyslogIncidentAddedTasklet.java:121) at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:406) at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:330) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133) at org.springframework.batch.core.step.tasklet.TaskletStep$2.doInChunkContext(TaskletStep.java:271) at org.springframework.batch.core.scope.context.StepContextRepeatCallback.doInIteration(StepContextRepeatCallback.java:77) at org.springframework.batch.repeat.support.RepeatTemplate.getNextResult(RepeatTemplate.java:368) at org.springframework.batch.repeat.support.RepeatTemplate.executeInternal(RepeatTemplate.java:215) at org.springframework.batch.repeat.support.RepeatTemplate.iterate(RepeatTemplate.java:144) at org.springframework.batch.core.step.tasklet.TaskletStep.doExecute(TaskletStep.java:257) at org.springframework.batch.core.step.AbstractStep.execute(AbstractStep.java:198) at org.springframework.batch.core.job.SimpleStepHandler.handleStep(SimpleStepHandler.java:148) at org.springframework.batch.core.job.flow.JobFlowExecutor.executeStep(JobFlowExecutor.java:64) at org.springframework.batch.core.job.flow.support.state.StepState.handle(StepState.java:67) at org.springframework.batch.core.job.flow.support.SimpleFlow.resume(SimpleFlow.java:165) at org.springframework.batch.core.job.flow.support.SimpleFlow.start(SimpleFlow.java:144) at org.springframework.batch.core.job.flow.FlowJob.doExecute(FlowJob.java:134) at org.springframework.batch.core.job.AbstractJob.execute(AbstractJob.java:304) at com.rsa.srm.collector.batch.PasswordAwareSimpleJobLauncher$1.run(PasswordAwareSimpleJobLauncher.java:99) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:50) at com.rsa.srm.collector.batch.PasswordAwareSimpleJobLauncher.run(PasswordAwareSimpleJobLauncher.java:93) at com.rsa.srm.collector.syslog.listener.SyslogMessageHandler$QueueWorker.executeWorkflow(SyslogMessageHandler.java:170) at com.rsa.srm.collector.syslog.listener.SyslogMessageHandler$QueueWorker.run(SyslogMessageHandler.java:157) Caused by: javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> The content 318493 in field Security Alerts violates the maximum value of 1 established in the related field. The content XXXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158) at com.sun.proxy.$Proxy76.createRecord(Unknown Source) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper$CreateRecordCallback.call(ArcherWSHelper.java:721) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.callArcher(ArcherWSHelper.java:399) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:324) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.writeRecord(ArcherWSHelper.java:290) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:213) at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.putData(ArcherDataStore.java:594) at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.handleData(ArcherDataStore.java:443) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.aop.framework.adapter.AfterReturningAdviceInterceptor.invoke(AfterReturningAdviceInterceptor.java:52) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy28.handleData(Unknown Source) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.executeMessage(SyslogIncidentAddedTasklet.j
Cause
Resolution
2. Upgrade to SecOps 1.3.1
Related Articles
RSA Authentication Manager 8.3 RADIUS Reference Guide Number of Views Edit an Identity Source SSL Certificate Number of Views RSA Card Reset Utility unable to unlock/reset SmartCard PIN Number of Views Duplicate Failure Counts in Unified OTP REST API Flow Number of Views Where are RSA SecurID hardware tokens manufactured? Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
