RSA Security Operations Management not aggregating Events properly when using Syslog
Originally Published: 2016-09-07
Article Number
Applies To
RSA Product/Service Type: SecOps
RSA Version/Condition: 1.3
Platform: Windows
Issue
2. Change the Incident Status field value from "New" to any other value (Assigned for example).
3. Save the Incident Record.
4. Notice when additional Security Events and/or Alerts come through, a new Security Incident is not created.
5. Notice that the Security Event is created but is not associated to any Security Alert or Security Incident.
Here is an example of the error reported in the Collector.log file:
14 Mar 2016 15:46:28,909 | ERROR - AbstractStep.execute(225) | Encountered an error executing step sendSylogIncidentToArcher in job pushSyslogEvents com.rsa.connector.framework.components.datastore.archer.exception.ArcherComunicationException: javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> The content XXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. The content XXXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.executeMessage(SyslogIncidentAddedTasklet.java:229) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.parseMessage(SyslogIncidentAddedTasklet.java:157) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.execute(SyslogIncidentAddedTasklet.java:121) at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:406) at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:330) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133) at org.springframework.batch.core.step.tasklet.TaskletStep$2.doInChunkContext(TaskletStep.java:271) at org.springframework.batch.core.scope.context.StepContextRepeatCallback.doInIteration(StepContextRepeatCallback.java:77) at org.springframework.batch.repeat.support.RepeatTemplate.getNextResult(RepeatTemplate.java:368) at org.springframework.batch.repeat.support.RepeatTemplate.executeInternal(RepeatTemplate.java:215) at org.springframework.batch.repeat.support.RepeatTemplate.iterate(RepeatTemplate.java:144) at org.springframework.batch.core.step.tasklet.TaskletStep.doExecute(TaskletStep.java:257) at org.springframework.batch.core.step.AbstractStep.execute(AbstractStep.java:198) at org.springframework.batch.core.job.SimpleStepHandler.handleStep(SimpleStepHandler.java:148) at org.springframework.batch.core.job.flow.JobFlowExecutor.executeStep(JobFlowExecutor.java:64) at org.springframework.batch.core.job.flow.support.state.StepState.handle(StepState.java:67) at org.springframework.batch.core.job.flow.support.SimpleFlow.resume(SimpleFlow.java:165) at org.springframework.batch.core.job.flow.support.SimpleFlow.start(SimpleFlow.java:144) at org.springframework.batch.core.job.flow.FlowJob.doExecute(FlowJob.java:134) at org.springframework.batch.core.job.AbstractJob.execute(AbstractJob.java:304) at com.rsa.srm.collector.batch.PasswordAwareSimpleJobLauncher$1.run(PasswordAwareSimpleJobLauncher.java:99) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:50) at com.rsa.srm.collector.batch.PasswordAwareSimpleJobLauncher.run(PasswordAwareSimpleJobLauncher.java:93) at com.rsa.srm.collector.syslog.listener.SyslogMessageHandler$QueueWorker.executeWorkflow(SyslogMessageHandler.java:170) at com.rsa.srm.collector.syslog.listener.SyslogMessageHandler$QueueWorker.run(SyslogMessageHandler.java:157) Caused by: javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> The content 318493 in field Security Alerts violates the maximum value of 1 established in the related field. The content XXXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158) at com.sun.proxy.$Proxy76.createRecord(Unknown Source) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper$CreateRecordCallback.call(ArcherWSHelper.java:721) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.callArcher(ArcherWSHelper.java:399) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:324) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.writeRecord(ArcherWSHelper.java:290) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:213) at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.putData(ArcherDataStore.java:594) at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.handleData(ArcherDataStore.java:443) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.aop.framework.adapter.AfterReturningAdviceInterceptor.invoke(AfterReturningAdviceInterceptor.java:52) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy28.handleData(Unknown Source) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.executeMessage(SyslogIncidentAddedTasklet.j
Cause
Resolution
2. Upgrade to SecOps 1.3.1
Related Articles
What is the maximum number of seeds in a batch RSA Security can ship on a floppy disk? Number of Views AAOP batch loader utility issue - Configuration problem - please check that the following parameter is configure: com.rsa.… Number of Views SQL Exception in the RSA Identity Governance and Lifecycle UI while saving the workflow after rollback Number of Views Batch Jobs Number of Views Unable to start the aserver from the command line in debug mode 'java.lang.NumberFormatException: For input string: '0:0:… Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
