ESA Config: Change Memory Threshold for Trial Rules

Document created by RSA Information Design and Development on Jul 21, 2016Last modified by RSA Information Design and Development on Feb 9, 2017
Version 2Show Document
  • View in full screen mode
  

This topic tells administrators how to set a memory usage threshold for trial rules. When the threshold is exceeded, all deployed trial rules are disabled.

This procedure is optional. Administrators can increase or decrease the memory threshold for trial rules. Threshold refers to the ESA memory usage, which includes ESA base memory, trial rules and non-trial rules. When the threshold is exceeded, all deployed trial rules on an ESA service are disabled. 

You use trial rules to see if a rule runs efficiently and does not use excessive memory, which can impact performance or force the service to shut down.

By default, the memory threshold is 85, which is the percentage of Java Virtual Memory (JVM).

  • The memory threshold is per ESA, not per rule.
  • When the memory threshold is exceeded, all trial rules running on the ESA are automatically disabled. 
  • The ESA configuration has two parameters for trial rules:
    • MemoryThresholdforTrialRules
    • MemoryCheckPeriod, which has a default value of 300 seconds

For more information, see "Work with Trial Rules" in the "Alerting Using ESA Guide".

Prerequisites

A role with administrative privileges must be assigned to you.

Procedure

  1. Log on to Security Analytics as admin.
  2. In the Security Analytics menu, select Administration > Services.
  3. Select the ESA service, then  > View > Explore.
  4. On the left, select CEP > Module > configuration.
  5. In the right panel, in MemoryThresholdForTrialRules type a percentage of JVM that trial rules on the ESA can not exceed.
    The new memory threshold takes effect immediately.
You are here
Table of Contents > Additional ESA Procedures > Change Memory Threshold for Trial Rules

Attachments

    Outcomes