000030580 - Performance issues with Log Decoders due to large number of Event Source groups in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030580
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Log Decoder
RSA Version/Condition:
Platform: CentOS
O/S Version: EL6
IssueAdding many Event Sources that have the same Device Type to one or more groups results in increased CPU utilization on Log Decoders when events of that device type are received.
ResolutionThis issue is resolved in Security Analytics
WorkaroundTo avoid this issue, do not create many large groups that include a large number of the same Event Source type.  
The sum of the event sources across groups should be limited to 150,000 when viewed in the Administration -> Event Sources -> Manage tab.