000029322 - How to increase the event payload size on an RSA Security Analytics Malware Analysis appliance

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Sep 6, 2019.
Version 3

Article Content

Article Number: 000029322

Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: 6

Issue: Some event sources generate logs bigger than 16K in size. By default, the maximum message size the log collector can collect is set to 16K. This default value may, however, be increased up to a maximum of 64K.

Resolution: To increase the maximum payload, log in to the Security Analytics UI with an administrative account, then select Administration > Devices (or Services if using 10.4), and select the Malware device (or service if using 10.4).

On the device/service:
  1. Navigate to Explore > Event-Processors > <instance name> > Destinations > Logdecoder > Consumer > Processors > Tcpconnector > Config/Connector Event size
  2. Set the value to an appropriate size in bytes. The maximum event size that can be set is 65536 (64K).
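
One way to pick the value for step 2, as an added example that is not part of the RSA article or the product: it measures the byte size of sample events and suggests a setting between the 16K default and the 65536 maximum. It assumes one event per line, that 16K means 16384 bytes, and a hypothetical 10% headroom; the sample events are constructed.

```python
"""Size-check log events against the connector event size limits in this article."""

DEFAULT_EVENT_SIZE = 16 * 1024  # 16K default (assumed to mean 16384 bytes)
MAX_EVENT_SIZE = 65536          # 64K maximum stated in the article


def event_sizes(lines):
    """UTF-8 byte length of each event (assumption: one event per line)."""
    return [len(line.rstrip("\r\n").encode("utf-8")) for line in lines]


def recommend_event_size(lines, headroom_pct=10):
    """Suggest a value in bytes and list events that exceed the 64K maximum.

    headroom_pct is a hypothetical safety margin, not a product setting.
    """
    sizes = event_sizes(lines)
    fitting = [s for s in sizes if s <= MAX_EVENT_SIZE]
    largest = max(fitting, default=0)
    if largest <= DEFAULT_EVENT_SIZE:
        value = DEFAULT_EVENT_SIZE  # the default already covers these events
    else:
        value = min(MAX_EVENT_SIZE, largest * (100 + headroom_pct) // 100)
    return {
        "recommended": value,
        "largest_fitting": largest,
        "over_default": sum(s > DEFAULT_EVENT_SIZE for s in sizes),
        # Indexes of events larger than any value the setting accepts.
        "over_maximum": [i for i, s in enumerate(sizes) if s > MAX_EVENT_SIZE],
    }


# Constructed sample events (not real logs). The third one shows why the
# size is counted in bytes: each "é" is two bytes in UTF-8.
SAMPLE_EVENTS = [
    "<134>Jun 14 10:00:00 host app: short event",
    "<134>Jun 14 10:00:01 host app: " + "A" * 20000,
    "<134>Jun 14 10:00:02 host app: " + "é" * 9000,
    "<134>Jun 14 10:00:03 host app: " + "B" * 70000,
]

if __name__ == "__main__":
    for key, val in recommend_event_size(SAMPLE_EVENTS).items():
        print(f"{key}: {val}")
```

Events listed under over_maximum are larger than any value the setting accepts, so their size has to be dealt with at the event source.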