000034687 - File Size Limitation for Nessus Scan files in VRM for Air Gapped environments

Document created by RSA Customer Support Employee on Jan 17, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034687
Applies ToRSA Product Set: Security Management
RSA Product/Service Type: Vulnerability Risk Manager
RSA Version/Condition: 1.2
Platform: Windows
 
IssueIf you do not have a direct internet connection between your Vulnerability Analytics Windows Host and your Vulnerability scanner then you are using an "Air Gapped" environment.  Memory allocation for processing scan files is different in VRM for "Air Gapped" systems.  You may receive the following error in the "Collector.log" file when processing large scan files:
 
XX XX XXXX xx:xx:xx,xxx | ERROR - AbstractStep.execute(229) | Encountered an error executing step convertNessus6ScanToGeneric in job loadNessus6DevicesAndIssuesBatchJob
java.lang.OutOfMemoryError: Java heap space

at net.sf.saxon.om.FastStringBuffer.<init>(FastStringBuffer.java:32)
at net.sf.saxon.tinytree.LargeStringBuffer.append(LargeStringBuffer.java:83)
at net.sf.saxon.tinytree.TinyTree.appendChars(TinyTree.java:350)
at net.sf.saxon.tinytree.TinyBuilder.characters(TinyBuilder.java:330)
at net.sf.saxon.event.ReceivingContentHandler.flush(ReceivingContentHandler.java:549)
at net.sf.saxon.event.ReceivingContentHandler.endElement(ReceivingContentHandler.java:442)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at net.sf.saxon.event.Sender.sendSAXSource(Sender.java:404)
at net.sf.saxon.event.Sender.send(Sender.java:214)
at net.sf.saxon.event.Sender.send(Sender.java:50)
at net.sf.saxon.Controller.transform(Controller.java:1611)
at com.rsa.srm.core.conversion.xslt.GenericXSLTTransformation.parseXML(GenericXSLTTransformation.java:81)
at com.rsa.srm.collector.batch.XMLTransformTasklet.executeInternal(XMLTransformTasklet.java:92)
at com.rsa.srm.collector.batch.XMLTransformTasklet.execute(XMLTransformTasklet.java:65)
at sun.reflect.GeneratedMethodAccessor114.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)

 
CauseScan file is too large to process and Java Heap space was consumed.
Workaround
  1. Increase memory (RAM) on Vulnerability Analytics Windows host
  2. Break up scan file into smaller segments to process.  Typically, 1 GB or smaller is best practice.

Attachments

    Outcomes