Hello i tried to deploy the following rule today:Logins across multiple servers esa000168 in our environment RSA NetWitness Logs v 10.6.4.1 but i have error: ESA was unable to deploy one or more rules, and these rules were disabled. Common issues include: missing metadata, invalid rule syntax, and unavailable external connections at the time of deployment.
Please any idea ?
1. SSH to the ESA appliance
2. Run: tail -f /opt/rsa/esa/logs/esa.log
3. Try to Deploy the rule again
4. Check the logs for the error
Based on the error, it may be apparently what is exactly the issue. If you cannot identify the issue, then post the error (with any sensitive info redacted) and we can move forward with root cause analysis.