File Collection logs are not coming to RSA Security Analytics post upgrade to 10.5.1.2 or 10.6.0.0
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server (AIO), SA Log Collector, SA Log Decoder, SA Log Hybrid, SA Virtual Log Collector
RSA Version/Condition: 10.6.0.0, 10.5.1.2
After an upgrade to version 10.5.1.2 or 10.6.0.0, File Collection logs no longer come into Security Analytics.
This issue is caused by the SELINUX setting in the /etc/sysconfig/selinux file.
Follow the steps below to restore File Collection logs.
1. Log in to a PuTTY session on the Log Collector service.
2. Edit the /etc/sysconfig/selinux file to change the SELINUX value as below.
3. Reboot the appliance.
4. Verify that File Collection logs are arriving using the Investigation page.
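A read-only check to run before step 2 and again after step 3, added here as an example and not taken from RSA's documentation: it reports the SELINUX value configured for the next boot and the mode currently running, and changes neither. It assumes /etc/sysconfig/selinux is a symlink to /etc/selinux/config, as it normally is on RHEL/CentOS-based appliances, and that getenforce is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not RSA's code): report the SELinux mode configured for the
# next boot and the mode currently running, without changing either.

# Print the effective SELINUX= value from a config file. The last uncommented
# assignment wins; SELINUXTYPE= and commented lines are ignored.
selinux_configured_mode() {
    # /etc/sysconfig/selinux is normally a symlink; resolve it so the file
    # actually read at boot is the one inspected. Editors or "sed -i" that
    # replace the symlink with a regular file leave the real config unchanged.
    cfg=$(readlink -f "$1") || return 2
    [ -r "$cfg" ] || return 2
    sed -n 's/^[[:space:]]*SELINUX[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$cfg" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# Print the running mode in lowercase, or "unknown" if getenforce is absent.
selinux_running_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce | tr 'A-Z' 'a-z'
    else
        echo unknown
    fi
}

# Print both values. Returns 1 when they differ, which is expected between
# editing the file (step 2) and rebooting (step 3), and 2 on a read error.
selinux_report() {
    cfg_mode=$(selinux_configured_mode "${1:-/etc/sysconfig/selinux}") || {
        echo "cannot read SELinux config" >&2
        return 2
    }
    run_mode=$(selinux_running_mode)
    echo "configured=$cfg_mode running=$run_mode"
    [ "$run_mode" = unknown ] || [ "$cfg_mode" = "$run_mode" ]
}
```

Source the file and call selinux_report; if it still returns 1 after the reboot, check whether /etc/sysconfig/selinux is still a symlink.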