000033276 - "rsa_audit_onramp" messages repeatedly appear in /var/log/messages in RSA Security Analytics 10.6.0.0

Document created by RSA Customer Support Employee on Jun 30, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033276
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Hosts
RSA Version/Condition: 10.6.0.0
Platform: CentOS
O/S Version: 6
 
IssueAfter upgrading to Security Analytics 10.6.0.0, /var/log/messages is flooded with rsa_audit_onramp messages as shown in the example below.
Jun  2 02:30:52 SA_HOST rsa_audit_onramp: Publishing to MessageBus failed.
Jun  2 02:31:12 SA_HOST rsa_audit_onramp: Publishing to MessageBus restored.
Jun  2 22:45:44 SA_HOST rsa_audit_onramp: publishing
Jun  2 22:45:44 SA_HOST rsa_audit_onramp: publishng

Due to the extensive number of such events logged, /var/log/messages rolls out meaningful events more quickly.
CauseThe issue is caused by a bug in /usr/sbin/rsa_audit_onramp.
ResolutionThis issue has been resolved in Security Analytics 10.6.0.1.

Attachments

    Outcomes