|Applies To||RSA Product Set: Netwitness for Packet|
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.3, 10.4, 10.5, 10.6
O/S Version: 6
|Issue||Although Max Length(default : 2048 bytes) is set to higher value. MA audit log is truncated to a certain length.|
|Cause||Syslog receiver has a parameter for Max Length of the received message.|
|Resolution||Customer needs to extend the Max Length of the received message for Receiver module(eg. rsyslog). Please refer to the syslog receiver documentation.|
Test to inject the same pcap twice to Netwitness.
Regardless of the length of the Identity String, the receiver(rsyslog 5.x) truncates the message to 2K (default value for rsyslog 5.x) which is ending to the same position.
$MaxMessageSize <size_nbr>, default 2k