|Applies To||RSA Product Set: RSA Security Analytics |
RSA Product/Service Type: Packet Decoder, Log Decoder, Concentrator, Archiver
RSA Version/Condition: 10.4.x,10.5.x,10.6.x and 11.x
O/S Version: EL6 and EL7
|Issue||By default, database configuration is set in a way that once metadb/sessiondb/packetdb/indexdb reaches 95%, the data roll over should start.|
Sometimes it has been observed that roll over doesn't take place exactly at 95% and we get below alarm on SA :
“High Filesystem Usage”
|Resolution||The usage of metadb/sessiondb/packetdb/indexdb which even if grows beyond the configured size is a normal scenario as long as the rollover is occurring automatically before the filesystem fills, it is functioning as designed.|
As rollover is not that precise and rollover is only active once the usage exceeds the specified size threshold, and only is activated periodically, rather than instantaneously.
So, it seems rollover starts periodically and in that meantime DB grows more than 95%.
So, we can ignore “High Filesystem Usage” alarms as the functionality and services are not affected.
To stop the alarms from triggering in such scenarios, we can edit the alarm as below :