000032749 - RSA Security Analytics Throttle Remote Collector to Local Collector Bandwidth Errors

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032749
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.6
IssueBandwidth throttling configuration changes to control the rate that the Remote Collector sends event data to a Local Collector do not persist after a reboot.
CauseThe set-shoveltransfer-limit.sh script is used to set the bandwidth throttle for event data transferred from a remote collector to local collector.
The script uses both iptables rules and linux kernel traffic shaping filters to control the upload bandwidth used by the RabbitMQ port on transfers to an upstream collector.
The script works correctly when executed, but fails to persist the traffic shaping filter values once the appliance is rebooted.
ResolutionThis issue is being investigated by the Engineering team in order to provide a permanent resolution in a future release.
WorkaroundAdd the script execution to the /etc/rc.local on the remote collector, as shown in the following example:
“/opt/netwitness/bin/set-shovel-transfer-limit.sh -s -r 4096kbit”