Article Content
Article Number | 000029545 |
Applies To | RSA Product Set: Security Analytics, NetWitness Logs & Network RSA Product/Service Type: Log Collector RSA Version/Condition: 10.4, 10.5, 10.6, 11.x Platform: CentOS O/S Version: EL6, EL7 |
Issue | There are some scenarios where limited bandwidth between VLC (remotely using VPN or small bandwidth) and LC that can be resolved by using a script that RSA provides to throttle traffic. This script is located on the VLC and is called set-shovel-transfer-limit.sh |
Tasks | The script is located on /opt/netwitness/bin/set-shovel-transfer-limit.sh on the VLC. Running the script without any usage will print out usage as seen below: Usage: ./set-shovel-transfer-limit.sh -s|-c|-d|-m [-i interface] [-p port] [-r rate] where: -c = clear existing ex. tc qdisc del dev eth0 root iptables --flush OUTPUT --table mangle -d = display filter ex. iptables -t mangle -n -v -L tc -s -d class show dev eth0 -m = monitor filter ex. watch tc -s -d class show dev eth0 -s = set new values interface is the name of the network interface. default=eth0 port is the port number for rabbit shovel. default=5671 rate is the bandwidth rate. default=256kbps Bandwidths or rates can be specified in: kbps = Kilobytes per second mbps = Megabytes per second kbit = Kilobits per second mbit = Megabits per second bps = Bytes per second "nolimit" disables |
Resolution | This syntax example demonstrates limiting bandwidth between VLC and the Local Collector (Log Decoder) to 512kbps, noting that the commands are run as root from the command line on the VLC: #/opt/netwitness/bin/set-shovel-transfer-limit.sh -s -r 512kbps Stats can be seen by running the following command: #/opt/netwitness/bin/set-shovel-transfer-limit.sh -m watch tc -s -d class show dev eth0 |