A few days ago, our ESA service went down. While I was able to restart the process, I'm attempting to determine what happened to it. I've gone through the log files in the following locations and did not find any OOM or other errors that would indicate the root cause. Are there any other logs or locations on the ESA server I could search?
/var/log/messages
/opt/rsa/esa/logs/esa.log.*
Thanks! That appears to be the right log file, although root cause still unknown.
WARN | wrapper | 2017/07/13 00:41:04 | JVM process was still running after receiving a SIGCHLD signal.
STATUS | wrapper | 2017/07/13 00:41:03 | Launching a JVM...
ERROR | wrapper | 2017/07/13 00:40:58 | JVM did not exit on request, terminated
ERROR | wrapper | 2017/07/13 00:40:58 | JVM appears hung: Timed out waiting for signal from JVM.
Hi you could also have a look in:
/opt/rsa/esa/wrapper.log
Common reasons for the ESA going down are rogue ESA Rules exhausting all available memory.