000029322 - How to increase the event payload size on an RSA Security Analytics Malware Analysis appliance

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000029322
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: 6
Issue: Some event sources generate logs larger than 16K. By default, the maximum message size the log collector can collect is set to 16K.
This default value may, however, be increased up to a maximum of 64K.
Resolution: To increase the maximum payload, log in to the Security Analytics UI with an administrative account, select Administration->Devices (or Services if using 10.4), and select the Malware device (or service if using 10.4).
On the device/service, browse to the following setting:
Explore/Event-Processors/<instance name>/Destinations/Logdecoder/Consumer/Processors/Tcpconnector/Config/Connector/Event size
Set the value to an appropriate size in bytes, noting that the maximum event size is 65536 (64K).