How to create a new Log Collector lockbox within RSA Security Analytics.
In some circumstances, it may be necessary to create a new lockbox for the Log Collector in RSA Security Analytics. One example is when Event Sources cannot be added and the user receives the error "Can't open lockbox." To create a new lockbox, follow the steps below.
(Please note that all stored passwords for the event sources will need to be re-entered after the new lockbox is created.)
- Connect to the Log Collector appliance via SSH as the root user.
- Change directory to /etc/netwitness/ng/vault/ with the following command: cd /etc/netwitness/ng/vault
- Make a new directory to back up the existing lockbox with the following command: mkdir old
- Move the existing lockbox files to that directory with the following command: mv -vi lockbox lockbox.FCD lockbox.bak lockbox.bak.FCD old
- Log in to the RSA Security Analytics UI and navigate to Administration -> Devices.
- Select the Log Collector device and click on View -> Config.
- Click on the Settings tab.
- Leave the "Old Lockbox Password" field blank and enter a new password in the "New Lockbox Password" field.
- Click Apply.
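
The shell steps above (cd, mkdir, mv) as one function, written as an added example and not RSA's own tooling: it moves only the lockbox files that are present and never overwrites an earlier backup. The function name, the timestamped fallback directory and the 700 permission on the backup directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: back up the Log Collector lockbox files before a new lockbox
# is created from the UI. File names and the default path come from the article;
# backup_lockbox and the old.<timestamp> fallback are assumptions of this example.

LOCKBOX_FILES="lockbox lockbox.FCD lockbox.bak lockbox.bak.FCD"

# backup_lockbox [VAULT_DIR]
# Moves whichever lockbox files exist into VAULT_DIR/old, or into
# VAULT_DIR/old.<timestamp> when "old" already exists from an earlier attempt.
# Prints the backup directory on stdout; mv output goes to stderr.
# Returns 1 on error and 2 when there is nothing to move.
backup_lockbox() {
    vault=${1:-/etc/netwitness/ng/vault}
    if [ ! -d "$vault" ]; then
        echo "no such directory: $vault" >&2
        return 1
    fi

    # Collect only the files that are present; the .bak copies may be missing.
    found=""
    for f in $LOCKBOX_FILES; do
        if [ -e "$vault/$f" ]; then found="$found $f"; fi
    done
    if [ -z "$found" ]; then
        echo "no lockbox files in $vault" >&2
        return 2
    fi

    # Keep any earlier backup intact by choosing a fresh directory name.
    dest="$vault/old"
    if [ -e "$dest" ]; then dest="$vault/old.$(date +%Y%m%d%H%M%S)"; fi
    mkdir "$dest" || return 1
    chmod 700 "$dest"   # assumption: keep the old lockbox readable by root only

    for f in $found; do
        mv -v "$vault/$f" "$dest/" >&2 || return 1
    done
    echo "$dest"
}

# Usage on the appliance, as root:  backup_lockbox /etc/netwitness/ng/vault
```

A return code of 2 means the vault directory holds no lockbox files, so there is nothing to back up before setting the new lockbox password in the UI.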
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.