|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Packet Hybrid, Log Hybrid
RSA Version/Condition: 10.4.0.0, 10.4.0.1
O/S Version: 6
|Issue||The MegaSAS.log file on the appliance causes the /var partition to reach 100% capacity.|
This causes the appliance to go down and prevents SSH connections.
|Cause||This issue occurs because the nwraidutil.py script log, located at /var/lib/collectd/MegaSAS.log, is writing such a vast amount of data that it is filling the /var partition to capacity.|
|Resolution||This issue has been permanently fixed in Security Analytics version 10.4.0.2.|
In order to resolve the issue until the permanent fix can be applied, you must edit the /usr/lib/collectd/python/nwraidutil.py script on lines 67, 68 69 and 70 to add "-nolog" to the lines, as shown below.
Original lines of the script:
67 pdlistOut = nwutils.runCmd(self.raidUtil,"-pdlist -aall")
The same lines after being modified:
67 pdlistOut = nwutils.runCmd(self.raidUtil,"-pdlist -aall -nolog")
After modifying and saving the script file, the large log file (/var/lib/MegaSAS.log) should be deleted.
If you prefer not to use an editor or an editor is not available, this short sed recipe can be used to modify the relevant lines. If you are unfamiliar with the sed tool, please use the editor-based approach.
After making the changes, restart the collectd service with the following command: service collectd restart