|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.x
O/S Version: 6
|Issue||Some events sources generate logs bigger than 16K. By default, the length of the maximum message size the log collector can collect is set to 16K. |
This default value may however be increased up to 64K (maximum).
|Resolution||To increase the maximum payload, begin by logging in as an administrative account to the Security Analytics UI, then select Administration->Devices (or services if using 10.4), and select the Malware device (or service if using 10.4)|
On the device/service, perform the following:
Explore/Event-Processors/<instance name>/Destinations/Logdecoder/Consumer/Processors/Tcpconnector/Config/Connector/Event size
Set the value of an appropropriate size in bytes, noting the maximum event size is set at 65536 (64k).