Hi, I am having problems with the Broker and the IPDB Extractor services since the 10.4.1 update. I see them just fine in the services view with everything green but in reality they are not working at all.
For example, when I click on the Broker to manage it, I get the following message instead of the config page:
Service 127.0.0.1 host MYHOST - Broker is unreachable
Same thing with the IPDB Extractor service:
Service 127.0.0.1 host MYHOST - IPDB Extractor is unreachable
Everything else works fine. Logs are collected/decoded and I can investigate logs through the Concentrator. Any ideas what is wrong? I tried the basics: restart the services, stop/start, remove/add them again with and without SSL, rebooted the appliance, etc., but nothing has worked.
This sounds like a permissions issue to me. If your services are communicating via the 10.4 Trust Model then you will want to make sure that your "rdes071" user belongs to a Role/Group that has administrative access to the Broker and IPDB Extractor services.
If your services are communicating using the legacy method (with a username and password specified in the connection rather than using the SSL certificates), then you may need to add the "rdes071" user as a device user by following the steps below.
1. Log in to the Security Analytics UI as the admin user.
2. Navigate to the Administration -> Services page.
3. Click on the Actions button for the Broker service in the far right column and select View -> Security.
4. Click on the Add ( + ) button underneath the Users tab.
5. Type in the username of the user and press Enter.
6. In the pane that appears on the right, type in the relevant User Information.
7. If the user is externally authenticated, be sure to select External for the Auth Type. Otherwise, if the user is local to the Security Analytics environment, select Netwitness.
8. Under Role Membership, check the box for the group(s) to which the user is assigned.
9. Scroll down and click on the blue Apply button.
10. Click on the Replicate button next to the Add ( + ) and Remove ( - ) buttons.
11. Select the IPDB Extractor service and click the Replicate button.
Below is a screenshot of what that would look like.
I hope this helps. If you need further assistance, feel free to call 800-995-5095 and dial 9 or send an email to email@example.com and the Support team will be happy to help you out.