WTD WebPost Notification Stop Working
2 years ago
Originally Published: 2015-12-09
Article Number
000042968
Applies To
RSA Product Set: Web Threat Detection
RSA Product/Service Type: ActionServer
RSA Version/Condition: 5.1.1.5
Platform: RHEL
O/S Version: 6.x
Product Name: Web Threat Detection
Product Description: Product to detect fraud and threats to a web server.
Issue
The Web action can stop working if the webaction_cookies.txt file becomes corrupt.

  The file can found here:
/var/opt/silvertail/etc/conf.d/ActionServer-#/{webaction}_cookies.txt
# = The shard number for the component. (default is 0 and will commonly remain default)
{webaction} = The name of the webaction configured in SilverCat>ActionServer>webaction>webaction[#]. (default is web)

  How to tell if the webaction_cookies.txt file is corrupt:
If the files contents are exactly:
#LWP-Cookies-2.0
  The web action has successfully performed a GET and received the cookie from the web server and created the web_cookies.txt file correctly.
  If anything else is in the file other than '#LWP-Cookies-2.0', the file has become corrupt and will need to be removed/renamed so a new file can be created.

  This is difficult to troubleshoot as the system will fail silently in the /var/log/messages log. The only indication is the build up of failed alerts in /var/opt/silvertail/data/alerts.

 
Cause
  There is not a known cause at this time. It is possible that the cookie file become corrupt due to intentional or accidental changes or could be become corrupted if the cookie is no longer valid.
Resolution
To resolve this it is necessary to remove or rename the file. Webaction is not able to correct or modify the file once it has been created.

To delete:
cd /var/opt/silvertail/etc/conf.d/ActionServer-#/
            # is commonly 0
rm -rf {webaction}_cookies.txt
            where {webaction} is the name given to the webaction in SilverCat configuration.
To rename:
cd /var/opt/silvertail/etc/conf.d/ActionServer-#/
            # is commonly 0
mv {webaction}_cookies.txt {webaction}_cookies.new_extension.
            where {webaction} is the name given to the webaction in SilverCat configuration.
 
Notes
 Webaction is unable to update the file and the file indicates that a cookie is stored in the system to enable delivery of the web actions. If the file is blank do not edit the file with the text ‘#LWP-Cookies-2.0' as this assumes there is a working cookie still available in the system. Delete or rename the file to trigger the system to request a new cookie.
 
Other related articles for web action troubleshooting:
000031041 WTD web action to POST is not working properly when target server only allows POST method

Related Articles

Trending Articles

Don't see what you're looking for?