000034211 - Forensics User Interface (FUI) Parse Errors when doing searches in RSA Web Threat Detection

Document created by RSA Customer Support Employee on Jan 4, 2017
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000034211
Applies To:
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Forensics
RSA Version/Condition: 5.0
O/S Version: Red Hat Enterprise Linux 6.x
Product Description: RSA WTD F&M SW On Prem Lic
Issue: When doing searches in the Forensics User Interface, users may experience "parse errors" when searching on IP addresses.
The following errors appear in the log:
uiserver[56053]: [error] 0 Caught exception: In LineInputStream:: GetLine(), bufSize=1048576, line len=1084923
uiserver[56053]: [info] 0 [rb9439 135.45.43.240:51735 /clickstream.cgi?cmd=ipProfile&ip=73.172.157.202&len=24&annotate=x&version=2&year=2016&month=3&day=22&hour=23]
uiserver[56053]: [error] 0 Caught exception: In LineInputStream:: GetLine(), bufSize=1048576, line len=1108465
Resolution: The issue is caused by the search results exceeding the buffer for search results.
Workarounds
  1. Narrow the search parameters to obtain smaller search results, or use other tools to detect whether a large number of IPs, pages, etc. are returned in the search.
  2. The page data may need to be normalized.
  3. Research whether there is a large number of hits for one IP that could be the result of IP Aggregator traffic.
Engineering has a ticket on this issue and is evaluating when it will be fixed.
Notes: Ask a CS Engineer to check on the status of Engineering ticket WTD-4985.
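
To find which searches are hitting this limit, the uiserver log can be scanned for the GetLine() exception and each hit paired with the request logged before it. The following is an added example, not RSA code: the function names and sample log are constructed here, and it assumes the request line a uiserver PID logs just before the exception is the search that triggered it.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of the log lines above; the addresses are
# documentation ranges, not values from the article.
SAMPLE_LOG = """\
uiserver[56053]: [info] 0 [rb9439 192.0.2.15:51735 /clickstream.cgi?cmd=ipProfile&ip=203.0.113.10&len=24&hour=22]
uiserver[56053]: [error] 0 Caught exception:
In LineInputStream:: GetLine(), bufSize=1048576, line len=1084923
uiserver[56053]: [info] 0 [rb9440 192.0.2.15:51736 /clickstream.cgi?cmd=ipProfile&ip=198.51.100.7&len=24&hour=23]
uiserver[56053]: [info] 0 [rb9441 192.0.2.15:51737 /clickstream.cgi?cmd=ipProfile&ip=203.0.113.10&len=24&hour=23]
uiserver[56053]: [error] 0 Caught exception: In LineInputStream:: GetLine(), bufSize=1048576, line len=1108465
"""

PID = re.compile(r"uiserver\[(\d+)\]:")
REQUEST = re.compile(r"\[info\] \d+ \[\S+ \S+ (/\S+)\]")
OVERRUN = re.compile(r"LineInputStream::\s*GetLine\(\), bufSize=(\d+), line len=(\d+)")

def find_overruns(log_text):
    """One record per GetLine() overrun, paired with the last request the same
    uiserver PID logged before it (assumption: that request triggered it)."""
    last_request, pid, hits = {}, None, []
    for line in log_text.splitlines():
        if (m := PID.search(line)):
            pid = m.group(1)  # a wrapped continuation line keeps the previous PID
        if (m := REQUEST.search(line)):
            last_request[pid] = m.group(1)
        elif (m := OVERRUN.search(line)):
            buf_size, line_len = int(m.group(1)), int(m.group(2))
            query = parse_qs(urlsplit(last_request.get(pid, "")).query)
            hits.append({
                "pid": pid,
                "cmd": query.get("cmd", [None])[0],
                "ip": query.get("ip", [None])[0],
                "buf_size": buf_size,
                "line_len": line_len,
                "excess": line_len - buf_size,  # bytes over the line buffer
            })
    return hits

def searched_ips_by_overruns(hits):
    """Searched IPs ranked by how many overruns followed a query for them."""
    return Counter(h["ip"] for h in hits).most_common()

if __name__ == "__main__":
    for hit in find_overruns(SAMPLE_LOG):
        print(hit)
    print(searched_ips_by_overruns(find_overruns(SAMPLE_LOG)))
```

IPs that appear repeatedly in this output are the candidates to check for IP Aggregator traffic, as described in workaround 3.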
