Article Number
000032607
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Health & Wellness, Security Analytics UI
RSA Version/Condition: 10.4.x, 10.5.x
Issue
When navigating to Health & Wellness -> System Stats Browser -> Historical graph, the graph does not show values for some statistics, such as Meta Rate (Current), Meta Rate (maximum), Session Rate (Current), Session Rate (maximum) and Sessions Behind.
Cause
The host name of the Decoder source configured in the Concentrator is more than 64 characters long.
Stats arrive from collectd on the Concentrator into SMS, but because of the long host name, SMS does not handle the message correctly.
For example, on the Security Analytics server, the decoder source is stored as "concentrator_devices.192.168.x.x:56004" under /var/lib/netwitness/collectd/rrd/UUID
If the user replaces the IP address with its Decoder hostname, it becomes 64 characters long, such as "concentrator_devices.rsa_longer_decoder_hostname:56004". 64 characters is the limit for a complete property name.
Resolution
A feature enhancement request has been submitted to support longer hostnames that exceed 63 Characters in the System Monitoring Service (SMS).
Workaround
- Connect to the Concentrator via SSH as the root user.
- Replace each occurrence of the Source Decoder hostname with its IP address in the NwConcentrator.cfg file, as shown in the example below.
Source Decoder hostname : rsa_longer_source_decoder_hostname
IP : 192.168.10.10
# cd /etc/netwitness/ng/
# cp NwConcentrator.cfg NwConcentrator.cfg.bak
# vi NwConcentrator.cfg
Press colon (:) and enter the line below. It changes only whole words exactly matching the hostname to the IP address. After confirming the changes, you can save the file and exit by typing :wq!
%s/\<rsa_longer_source_decoder_hostname\>/192.168.10.10/gc
- Restart the Concentrator service by going to Administration -> Services -> Concentrator -> System, stopping aggregation, and then clicking on Shutdown Service.
- Connect to the Security Analytics Server via SSH as the root user and issue the following commands:
# service rsa-sms stop
# service rsa-sms start
# stop jettysrv
# start jettysrv
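The hostname-to-IP replacement from the workaround can also be done non-interactively. The following is an added example, not RSA-provided code; it assumes GNU grep and sed, and the function names are hypothetical. It reports the length of the "concentrator_devices.<source>:<port>" property name, counts whole-word matches, and replaces them after saving a backup.

```bash
#!/usr/bin/env bash
# Added example (not from RSA). Assumes GNU grep/sed for \< \> and sed -i.
# Usage, with the values from the workaround above:
#   prop_name_len rsa_longer_source_decoder_hostname 56004
#   count_host   /etc/netwitness/ng/NwConcentrator.cfg rsa_longer_source_decoder_hostname
#   replace_host /etc/netwitness/ng/NwConcentrator.cfg rsa_longer_source_decoder_hostname 192.168.10.10

# Print the length of the property name built from a decoder source and port,
# in the form shown in the article: concentrator_devices.<source>:<port>
prop_name_len() {
    local name="concentrator_devices.$1:$2"
    printf '%s\n' "${#name}"
}

# Escape regex metacharacters so that dots in a hostname match literally.
escape_re() {
    printf '%s' "$1" | sed 's/[][\.*^$/]/\\&/g'
}

# Print how many whole-word occurrences of the hostname a file contains.
# A longer name that merely starts with the hostname is not counted.
count_host() {
    local cfg=$1 re
    re=$(escape_re "$2")
    grep -o "\<${re}\>" "$cfg" | wc -l | tr -d ' '
}

# Replace whole-word occurrences of the hostname with the IP address,
# keeping the original as <file>.bak (same backup step as the workaround).
replace_host() {
    local cfg=$1 host=$2 ip=$3 re
    re=$(escape_re "$host")
    cp -p "$cfg" "$cfg.bak" || return 1
    sed -i "s/\<${re}\>/${ip}/g" "$cfg"
}
```

Run count_host before replace_host and compare the backup with the edited file (diff NwConcentrator.cfg.bak NwConcentrator.cfg) before restarting the services.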