|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: SA Security Analytics UI
RSA Version/Condition: 10.5
|Issue||The following script can be used to troubleshoot slow performance issues. It will record the following information at regular 5 minute intervals:|
1. Copy the attached script to a location of your choice eg /root or a concentrator or broker
2. Make sure the script has executable permissions
3. The script can be run with ./stats.sh
4. It will output the results into a file called /tmp/stats.log
5. Add the following entry in /etc/crontab for the script to run every 5 minutes. Then run service crond restart to restart the cron daemon.
*/5 * * * * root /root/stats.sh
6. Add the following text to a file in /etc/logrotate.d/stats to ensure that the logs do not fill up the system
|Notes||The script contains the following lines:|
The script should be copied to a concentrator or broker. For a broker, the port on the last line will need to be changed to 50003 or the relevant port on your broker.
If on examining the output of the script you see the following "invalid username or password message" then make sure that you replace admin netwitness in the above script, with an account that is able to login to the concentrator or broker service. If your password contains special characters, then surround it with " "
RSA Security Analytics Console 10.5.2.0.7032