|Applies To||RSA Product Set: Security Analytics, NetWitness Logs & Network|
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.6.x, 11.0.x.
|Issue||Bandwidth throttling configuration changes to control the rate that the Remote Collector sends event data to a Local Collector do not persist after a reboot.|
|Cause||The set-shoveltransfer-limit.sh script is used to set the bandwidth throttle for event data transferred from a remote collector to local collector.|
The script uses both iptables rules and Linux kernel traffic shaping filters to control the upload bandwidth used by the RabbitMQ port on transfers to an upstream collector.
The script works correctly when executed, but fails to persist the traffic shaping filter values once the appliance is rebooted.
|Resolution||This issue is fixed in NetWitness 18.104.22.168.|
Please consider upgrading to NetWitness 11.1 or later to resolve the issue.
|Workaround||Add the script execution to the /etc/rc.local on the remote collector, as shown in the following example:|
“/opt/netwitness/bin/set-shovel-transfer-limit.sh -s -r 4096kbit”