|Applies To||RSA Security Analytics|
RSA Security Analytics Concentrator
RSA Security Analytics Hybrid
RSA Security Analytics All-in-One
RSA NetWitness NextGen
|Issue||"Too many open files" error is logging against the concentrator service in RSA Security Analytics|
The following log message is found in the /var/log/messages file: nw: [Index] [failure] Unexpected Query Exception of type N5boost12interprocess22interprocess_exceptionE: Too many open files
|Cause||The default value for max open file for concentrator service default of 1024 is too small.|
In order to resolve the issue, follow the instructions below.
For appliances running CentOS 6:
For appliances running CentOS 5:
If you still see the "too many open files" error in the log after making the above changes, please verify that the process has the correct configuration by looking at /proc/<pid>/limits where <pid> is the PID for the NwConcentrator process, or whatever process is issuing a "too many open files" error. If /proc/<pid>/limits still shows a low Max open files limit, then recheck your configuration and, if necessary, restart the nwconcentrator service or the whole appliance.
If you are unsure of any of the steps above or experience any issues, contact RSA Support for further assistance.
Below is an example of a concentrator appliance running CentOS 5 and NetWitness NextGen 220.127.116.11.
[root@concentrator ~]# ps -ef | grep Nw
System-wide defaults can be seen by issuing the command sysctl fs.file-max on the appliance, as shown in the example below.
[root@concentrator ~]# sysctl fs.file-max
|Legacy Article ID||a64950|