Article Number | 000037617 |
Applies To | RSA Product Set: NetWitness Logs & Network RSA Product/Service Type: Core Appliance RSA Version/Condition: 11.x Platform: Cent OS O/S Version: 7 Product Name: RSA NetWitness |
Issue | If Netwitness Server and Malware Analysis OS timezone are not configured as UTC, it displays differences between "Date Archived" and "Session Time" of Malware GUI. In case of KST(Korea Standard Time) OS timezone, it shows 30 minutes time differences in Malware GUI as shown below.
 |
Cause | This is because the RSA Netwitness Server and Malware Analysis OS timezones are not configured to use UTC as shown in the example below(KST).
 |
Resolution | You can fix this issue if you change the RSA Netwitness Server and Malware Analysis OS timezones from {Your_Timezone} to UTC. |
Workaround | If the customer does not allow to change current OS timezone, follow these steps to fix the issue.
- Connect to the Malware Analysis appliance via SSH.
- Add the following phrase ("-Duser.timezone=UTC") starting "ExecStart" variable in /etc/systemd/system/multi-user.target.wants/rsa-nw-malware-analytics-server.service as shown below.
 - Restart the Malware Analysis service.
# systemctl daemon-reload # systemctl restart rsa-nw-malware-analytics-server.service
After the above steps, the time difference issue will be resolved.
 |