000032747 - Throttling Remote Collector to Local Collector bandwidth is not persistent after rebooting in RSA Security Analytics 10.6

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032747
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.6
IssueBandwidth throttling configuration changes to control the rate that the Remote Collector sends event data to a Local Collector do not persist after a reboot.
The set-shoveltransfer-limit.sh script is used to set the bandwidth throttle for event data transferred from a remote collector to local collector.
The script uses both iptables rules and linux kernel traffic shaping filters to control the upload bandwidth used by the RabbitMQ port on transfers to an upstream collector.
The script works correctly when executed, but fails to persist the traffic shaping filter values once the appliance is rebooted.
WorkaroundAdd the script execution to the /etc/rc.local on the remote collector, as shown in the example below.
/opt/netwitness/bin/set-shovel-transfer-limit.sh -s -r 4096kbit