000026715 - How to disable IPv6 at the kernel level on RSA Security Analytics appliances

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026715
Applies ToRSA Security Analytics
IssueHow to disable IPv6 at the kernel level on RSA Security Analytics appliances.
Resolution

RSA Security Analytics parses the Concentrator logs and sometimes the client.ip is displayed with preceeding "::fff:" which makes it not possible to parse the IPv4 IP. User tries to disable IPv6 under the interfaces but no differences are apparant. The log looks like the following:


           User admin (session 632, [::ffff:192.168.123.249]:56617) has requested the SDK language: id1=0 id2=0 time1=0 time2=0 options flags=1 size=10000


To disable IPv6, add the lines below in the /etc/sysctl.conf file, and then reboot the appliance.



net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1



 


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa67152

Attachments

    Outcomes