000017623 - Jetty 9 logs fill rapidly due to noisy LoggingFilter entries on the RSA Security Analytics server

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000017623
Applies To:
RSA Security Analytics
RSA Security Analytics 10.3
RSA Security Analytics Server
Jetty 9

Issue

Jetty 9 logs fill rapidly due to noisy LoggingFilter entries on the RSA Security Analytics server.

The logs in the /opt/rsa/jetty9/logs directory become very large due to frequent org.apache.mina.filter.logging.LoggingFilter entries similar to the example below.



2014-09-18 14:23:42,720 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - SENT: HeapBuffer[pos=0 lim=216 cap=260: 17 03 01 00 D3 9C 27 D2 DA 63 FF 46 D5 C0 4E 6D...]
2014-09-18 14:23:42,720 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - SENT: HeapBuffer[pos=0 lim=0 cap=0: empty]
2014-09-18 14:23:42,720 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - RECEIVED: HeapBuffer[pos=0 lim=214 cap=256: 17 03 01 00 D1 09 4C 18 B9 91 E0 20 B0 F2 E0 74...]
2014-09-18 14:23:42,724 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - SENT: HeapBuffer[pos=0 lim=170 cap=260: 17 03 01 00 A5 CD 81 FA 04 E0 91 DA E2 B9 EF 20...]
2014-09-18 14:23:42,724 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - SENT: HeapBuffer[pos=0 lim=0 cap=0: empty]
2014-09-18 14:23:42,724 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - RECEIVED: HeapBuffer[pos=0 lim=215 cap=256: 17 03 01 00 D2 E4 58 88 93 32 56 40 47 85 73 21...]



 

Navigating to Administration -> System -> Logging -> Realtime in the Security Analytics UI displays frequent HeapBuffer entries.



Large Jetty 9 logs cause the root ( / ) partition on the appliance to reach 100% capacity, which results in issues such as the appliance becoming unlicensed.
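To confirm that LoggingFilter entries are what is filling a Jetty log before changing the log level, and that they stop afterwards, the following added example (not RSA code) parses lines in the format shown above and reports their share of the file. It also reads the first five bytes of each dump as a TLS record header, an interpretation added here (17 03 01 is TLS 1.0 application data), and checks that the length field plus five equals lim. The sample input is constructed from the entries above, and com.example.Other is a placeholder logger name.

```python
import re
import sys
from collections import Counter

# Constructed sample: three entries in the format shown above plus one
# made-up unrelated line (com.example.Other is a placeholder logger name).
SAMPLE = """\
2014-09-18 14:23:42,720 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - SENT: HeapBuffer[pos=0 lim=216 cap=260: 17 03 01 00 D3 9C 27 D2 DA 63 FF 46 D5 C0 4E 6D...]
2014-09-18 14:23:42,720 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - SENT: HeapBuffer[pos=0 lim=0 cap=0: empty]
2014-09-18 14:23:42,720 [NioProcessor-36] INFO org.apache.mina.filter.logging.LoggingFilter - RECEIVED: HeapBuffer[pos=0 lim=214 cap=256: 17 03 01 00 D1 09 4C 18 B9 91 E0 20 B0 F2 E0 74...]
2014-09-18 14:23:42,730 [main] INFO com.example.Other - constructed unrelated entry
"""

ENTRY = re.compile(
    r"^\S+ \S+ \[[^\]]+\] (?P<level>\w+)\s+"
    r"org\.apache\.mina\.filter\.logging\.LoggingFilter - (?P<dir>SENT|RECEIVED): "
    r"HeapBuffer\[pos=\d+ lim=(?P<lim>\d+) cap=\d+: (?P<body>[^\]]*)\]")

TLS_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
             0x16: "handshake", 0x17: "application_data"}

def tls_header(body):
    """Return (content type, record length) from the hex preview, or None."""
    try:
        raw = bytes.fromhex(body.rstrip(".").replace(" ", ""))
    except ValueError:          # body is the literal word "empty"
        return None
    if len(raw) < 5 or raw[0] not in TLS_TYPES or raw[1] != 3:
        return None
    return TLS_TYPES[raw[0]], int.from_bytes(raw[3:5], "big")

def summarize(lines):
    """Count LoggingFilter entries and how many are complete TLS records."""
    stats = Counter()
    for line in lines:
        stats["total_lines"] += 1
        stats["total_chars"] += len(line)
        m = ENTRY.match(line)
        if not m:
            continue
        stats["filter_lines"] += 1
        stats["filter_chars"] += len(line)
        stats[m["dir"].lower()] += 1
        hdr = tls_header(m["body"])
        if hdr:
            stats["tls_" + hdr[0]] += 1
            # 5-byte header + payload length == buffer limit => one whole record
            stats["whole_record"] += hdr[1] + 5 == int(m["lim"])
    return stats

if __name__ == "__main__":
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    print(dict(summarize(src)))
```

Pass a log file path as the first argument to summarize a real file; comparing filter_chars with total_chars shows how much of the file the LoggingFilter entries account for.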
Resolution

To prevent these entries from rapidly filling the Jetty 9 logs, set the log level for this logger so that fewer entries are written, using the steps below.


  1. In the Security Analytics UI, navigate to Administration -> System.
  2. Click on Logging on the left menu.
  3. Click on the Settings tab.
  4. In the Packet Configuration section, drill down to org -> apache -> mina -> filter -> logging and click on LoggingFilter.
  5. Click on the drop-down menu next to Log Level and select ERROR.
  6. Click on the Apply button to save the change.

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Notes

Be aware that, if the log messages above are not being logged, the org.apache.mina.filter.logging.LoggingFilter option may not appear in the Security Analytics UI under Administration -> System -> Logging -> Settings.


 


The following screenshot demonstrates the workaround procedure described above.


Legacy Article ID: a67879
