Article Number
000001190
Applies To
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.5.2.0
Platform: CentOS
O/S Version: 7
Issue
The customer upgraded the entire NetWitness system, including Malware, from 11.2.0.1 to 11.5.2 on 3/13.
Since then, nothing has been logged in the Malware spectrum.log.
The upgrade was done in the following 2 stages.
- 11.2.0.1 > 11.3.2.1
- 11.3.2.1 > 11.5.2
The issue appears to have started right after the upgrade to 11.3.2.1.
Cause
A Lucene index write lock could be the cause, because Malware cleans up old Lucene indexes in the post-install script as part of the upgrade process.
Resolution
To resolve the issue, follow the steps below.
- Stop Malware Service
# systemctl stop rsa-nw-malware-analytics-server.service
- Back up the existing Malware logs
# mkdir /var/netwitness/malware-analytics-server/spectrum/logs_old
# mv /var/netwitness/malware-analytics-server/spectrum/logs/* /var/netwitness/malware-analytics-server/spectrum/logs_old/
- Start Malware Service
# systemctl start rsa-nw-malware-analytics-server.service
You can then see that the Malware spectrum.log starts logging again.
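To confirm after the restart that spectrum.log is being written again, and to catch the log going silent after a later upgrade, a freshness check like the following can be used. This is an added example, not part of the original article or RSA tooling; the function name, the 300-second default threshold and the full log path (built from the directory and file name above) are assumptions.

```shell
#!/bin/sh
# Added example: classify a log file as missing, empty, stale or active.
# Assumed path: the logs directory from this article plus the file name spectrum.log.
LOG_DEFAULT=/var/netwitness/malware-analytics-server/spectrum/logs/spectrum.log

# spectrum_log_status FILE [MAX_AGE_SECONDS]
# Prints one word: missing | empty | stale | active
# Returns 0 only for "active", so it can drive a monitoring check.
spectrum_log_status() {
    file=$1
    max_age=${2:-300}   # assumed threshold; tune to how often the service logs

    # After the "mv" step the file does not exist until the service recreates it.
    if [ ! -e "$file" ]; then
        echo missing
        return 1
    fi
    # A recreated but zero-length file means the service is still not logging.
    if [ ! -s "$file" ]; then
        echo empty
        return 1
    fi
    now=$(date +%s)
    # GNU stat, as shipped with CentOS 7: last modification time in epoch seconds.
    mtime=$(stat -c %Y "$file") || { echo missing; return 1; }
    age=$((now - mtime))
    if [ "$age" -gt "$max_age" ]; then
        echo stale
        return 1
    fi
    echo active
    return 0
}

# Run as: sh check_spectrum_log.sh check [FILE] [MAX_AGE_SECONDS]
if [ "${1:-}" = "check" ]; then
    spectrum_log_status "${2:-$LOG_DEFAULT}" "${3:-300}"
fi
```

A result of "missing" or "empty" shortly after the service start can be normal; "stale" on a running service matches the symptom described in this article.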