000026715 - How to disable IPv6 at the kernel level on RSA Security Analytics appliances

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Sep 23, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026715
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type:
All hosts
RSA Version/Condition: 10.x
IssueHow to disable IPv6 at the kernel level on RSA Security Analytics appliances.

RSA Security Analytics parses the Concentrator logs and sometimes the client.ip is displayed with preceding "::fff:" which makes it not possible to parse the IPv4 IP. User tries to disable IPv6 under the interfaces but no differences are apparent. The log looks like the following:

           User admin (session 632, [::ffff:]:56617) has requested the SDK language: id1=0 id2=0 time1=0 time2=0 options flags=1 size=10000

To disable IPv6, follow the steps below:

  1. Edit file /etc/sysctl.conf

    vi /etc/sysctl.conf

  2. Add the following lines:

    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1

          User-added image
  3. Save and exit the file.
  4. Execute the following command to reflect the changes.

    sysctl -p

       To re-enable IPv6, remove the above lines from /etc/sysctl.conf and reboot the machine.


Note: If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa67152