|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Decoder, Log Decoder, Concentrator, Hybrid, Broker, All-in-One, Security Analytics Server
O/S Version: EL5, EL6
|Issue||By default, Security Analytics core appliances are configured to dump core files to the /var/netwitness/<appliance_type> directory. At times, this may cause an issue with disk space and could potentially affect a core service from running. |
The core file location may be altered, noting that core files that are too large to dump to the designated area will truncate.
|Resolution||Core dumps by default write to a core appliance's default working directory. That directory is defined in the configuration file located in the /etc/init directory and defined as <nwapplianceType>.conf. |
This example explains how to change the core dump directory for a Log Decoder, noting the .conf file name in /etc/init.d and the location of the chdir statement will change according to the appliance type with which you are working. Also ensure the directory you select for the core dump contains enough space to accommodate a core dump of several gigabytes in size. Never specify the root ( / ) directory as the location.