NetWitness Community

yazantaleb01 · ‎2023-10-13

Hello,

I have a problem with MongoDB on the ESA server, the service 'mongod' keeps going down continuosly, and I had to restart it manually each time.

The data stored in the database seems to be fine, I can view 'Respond' page and handle the incidents and alerts after starting the service.

I checked and monitored the log file (mongod.log) and all I can find is 'Slow Query' records for almost all rules and alerts.

I'm suspecting that this problem is caused by lack of resources (especially memory).

Is there any thing can help to determine the root cause of this problem?

Thanks.

JohnKisner · ‎2023-10-25

Can you tell me if this is a virtual ESA or a physical one that was purchased from NetWitness? If it is a virtual one, can you confirm that the minimum hardware has been provided to the vm? If you aren't sure of the requirements, please consult the Appendix C of the Virtual Host Installation Guide https://community.netwitness.com/t5/netwitness-platform-online/virtual-host-installation-guide-for-12-2/ta-p/696828

This is the 12.2 version of the guide but you can find a version of the guide that is closer to your actual environment version.

yazantaleb01 · ‎2023-11-08

Hi,

It's a virtual server, I believe this problem is due to misconfigured incident rules that are generating huge amount of alarms on the system.

We're trying to tune the rules and monitor the behavior of the server.

ESA Server - MongoDB Issue