Dedicated malware appliance; Malware service offline
I have a dedicated malware appliance, integrated into our main head unit. The broker service from that appliance is working fine; however, the malware appliance is showing offline. Puppet agent -t returns everything correctly. The service is running on the appliance. I have rebooted the appliance with no change. No failed drives. It used to be running 10.4.*, so I stepped it up into 10.6.2 hoping it would fix the issue, but it didn't. Does anyone have any clue what I could be missing?
It might sound like a strange question, but based on your "Malware Analysis" graph, the service doesn't appear to be licensed. Next I would check to make sure the port is listening (netstat -an | grep :60007) and the firewall isn't blocking access to the port (iptables -nL | grep 60007) if the Malware Analysis box is on a different server than SA.
This is true; however, I am running a very large architecture with multiple head units tied into one, and the red banner/licensing thing is something we deal with since there isn't really a fix for it yet. This is a standalone malware box, and we have decided to build stick out this box in hopes that it will be a cleaner build and take care of this issue all along. I upgraded it in steps from 10.4.* up to 10.6.2 successfully and with minimal issues, but there were SOME issues. It's not easy to come up with what happened and where, but it just seemed easier to build stick out.