How to Troubleshoot: Hourly Processing is Not Working Properly in RSA Web Threat Detection 5.1
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Forensics
RSA Version/Condition: 5.1
Platform: Linux
The Forensics UI is not displaying the hourly 'blue bars'.
To determine the cause when the blue bars that show hourly processing is working are not displayed (this is also general practice for many issues in WTD):
1. Determine if there were any changes in the WTD configuration, networking, or OS environment.
2. Go to the VARZ grapher and look at the message flow across the components, from Silvertap to Front Plex to SilverSurfer to Back Plex to Mitigator to Alert Plex to Alert Server and Organizer.
   Each of these is a separate component/process that takes its messages off the Back Plex.
   Issues with Silvertap may require the customer's networking team to verify that the connection from the network hardware to the Silvertap is working properly.
3. Identify places where the message flow has stopped or the message queue has increased.
4. Note the CPU and memory usage of the identified components that are showing problems.
   A. Go to /var/log/messages and look for errors, and go to /var/log/silvertail/ for the component logs.
   B. Look at top -H in the console for WTD processes that are consuming large amounts of memory and CPU cycles.
   C. Consider a restart if there are no errors seen above.
5. Observe the results of a restart of services; if issues persist, contact Customer Support for further assistance.
6. Go to the /var/opt/silvertail/data/tasks and /indexer folders and make sure the completed folders of each are empty.
Note: If the issue persists, consider contacting Customer Support for further assistance.
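The log, thread and completed-folder checks from steps A, B and 6 can be gathered in one script; this is an example added here, not RSA tooling. It assumes the article's paths are rooted at /, that the indexer folder sits beside tasks under the data directory, and that each has a completed subfolder; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: checks from steps A, B and 6 of this article.
# Assumed layout (not confirmed by the article): tasks/ and indexer/ both live
# under the data directory, each with a completed/ subfolder.
WTD_DATA="${WTD_DATA:-/var/opt/silvertail/data}"
WTD_LOGS="${WTD_LOGS:-/var/log/silvertail}"
SYSLOG="${SYSLOG:-/var/log/messages}"

# Print the number of lines mentioning "error" (any case) in a file or directory.
count_errors() {
    [ -e "$1" ] || { echo 0; return 0; }
    grep -rIi 'error' "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Print how many entries sit in DIR/completed (step 6 expects 0).
completed_count() {
    [ -d "$1/completed" ] || { echo 0; return 0; }
    find "$1/completed" -mindepth 1 | wc -l | tr -d ' '
}

# Print the N threads at the top of one batch-mode "top -H" snapshot.
busiest_threads() {
    top -H -b -n 1 | awk 'seen { print } /^ *PID/ { seen = 1 }' | head -n "${1:-10}"
}

# Run all checks; return non-zero if a completed folder still holds entries.
wtd_triage() {
    echo "error lines in $SYSLOG: $(count_errors "$SYSLOG")"
    echo "error lines in $WTD_LOGS: $(count_errors "$WTD_LOGS")"
    busiest_threads 10
    status=0
    for d in "$WTD_DATA/tasks" "$WTD_DATA/indexer"; do
        n=$(completed_count "$d")
        echo "$d/completed: $n entries"
        [ "$n" -eq 0 ] || status=1
    done
    return "$status"
}

# Only touch the live system when invoked as: sh wtd_triage.sh run
if [ "${1:-}" = "run" ]; then wtd_triage; fi
```

Set WTD_DATA, WTD_LOGS or SYSLOG in the environment if the installation uses different locations.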
It is difficult to provide a complete troubleshooting flow, but the steps included in this article can be used by Customer Support Engineers and our Customers to initiate steps towards a cause and resolution.