No new alerts triggered even though the rule matches the meta of the events generated.
Trying to connect to the Mongo DB on the ESA appliance results in the following error:
mongo esa -u esa -p esa
TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: esa
Thu Feb 4 11:11:50.408 Error: couldn't connect to server 127.0.0.1:27017 at /data/package-rpm-el6/build/BUILD/tokumx-enterprise-1.4.2/src/mongo/shell/mongo.js:145
The tokumx logs located at /var/logs/tokumx show the error below.
Sun Jan 31 07:16:17.552 [conn1069] warning: No such role, "clusterAdmin", in database esa. No privileges will be acquired from this role
Sun Jan 31 07:25:11.304 [conn1070] authenticate db: esa { authenticate: 1, user: "esa", nonce: "276dd14d62dfac2f", key: "91f4eb9a3b63ddc2de9242407d3d3a72" }
Sun Jan 31 07:25:11.304 [conn1070] warning: No such role, "clusterAdmin", in database esa. No privileges will be acquired from this role
Sun Jan 31 07:25:11.306 [conn1071] authenticate db: esa { authenticate: 1, user: "esa", nonce: "ff41294fba08618a", key: "a1d056610259a83a9ac91f9e420241dc" }
Sun Jan 31 07:25:11.306 [conn1071] warning: No such role, "clusterAdmin", in database esa. No privileges will be acquired from this role
Delete the mongod.lock file on the ESA appliance under /opt/rsa/database/tokumx directory and restart the tokumx service.
rm mongod.lock
service tokumx restart