|Applies To||RSA Product Set: RSA NetWitness Logs & Network (Security Analytics)|
RSA Product/Service Type: Security Analytics UI, Health and Wellness
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
O/S Version: 6
|Issue||In Health and Wellness on the Alarms tab, a Puppet Agent Failure alarm is seen.|
|Cause||There can be several reasons for this alarm relating to both the puppet agent and the puppet master service.|
1) Check that puppet agent service is running on the host by running the following command:
2) Issuing the command below on the affected host will provide further information on the error.
Due to a known issue with a slow memory leak in the puppetmaster module, when puppet agent -t is run on the node then the following error message may be seen:
3) Confirm if the puppetmaster service is running on the NetWitness Server:
|Workaround||If restarting the puppetmaster service allows `puppet agent -t` to complete normally, a workaround for the puppet master memory leak is to schedule a cron job to restart this service on a regular basis. |
WARNING: This entry should be removed prior to commencing upgrade tasks to avoid upgrade disruption.
1. Add the following entry to /var/spool/cron/root which restarts the puppetmaster service every Saturday at 11:50 PM UTC
You can do this either via editing this file or by running the following 2 commands:
2. Execute the command below to reload the crond daemon and put the scheduled job into effect.
3. The success of the cron daemon restart (and monitoring of run jobs) can be done by reviewing /var/log/cron. For example the last 10 entries:
Example entry in /var/log/cron
|Notes||Tested by running script every 5 minutes using:|