Article Number | 000035355 |
Applies To | RSA Product Set: Security Analytics; RSA Product/Service Type: SA Malware Analysis; RSA Version/Condition: 10.5.x, 10.6.x; Platform: CentOS; O/S Version: 6 |
Issue | The Lucene Index on the Malware Appliance creates a large number of large index files over time. The more activity on the system, the more files will be created. These files may not be noticed until the backup scripts are run, as the backup files for the Malware Appliance may be quite large. You may find numerous, large files with the file extension ".cfs" in these folders:
/var/lib/rsamalware/spectrum/index/com.netwitness.malware.server.domain.model.FileEntry/_eug.cfs
/var/lib/rsamalware/spectrum/index/com.netwitness.malware.server.event.domain.model.EventEntity/_h31.cfs
/var/lib/rsamalware/spectrum/index/com.netwitness.malware.server.event.domain.model.MetaValue/_gux.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log.1_index/_6.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log.2_index/_8.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log.3_index/_2.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log.4_index/_7.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log.5_index/_0.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log.6_index/_4.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log.7_index/_0.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log.8_index/_f.cfs
/var/lib/rsamalware/spectrum/logs/spectrum.log_index/_2.cfs
/var/lib/rsamalware/spectrum/repository/index/_100.cfs
This folder list is not exhaustive and you may find more folders with cfs files in this part of your appliance filesystem tree. |
Cause | These files are used by the Lucene Index in the Malware appliance and are considered system files. |
Resolution | There is no resolution for these files as they are considered normal. Removing the files will cause problems when the Malware Appliance service is restarted, so they should not be removed. Using the Malware Appliance legacy WebUI "Data Reset" function does not remove these index files. |
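
To see how much of a backup the `.cfs` index files described in the Issue row will account for, the following added example (not part of the original article or of RSA's tooling) totals them per directory without changing anything on disk. The function names are hypothetical, and the default root is the path listed above.

```sh
#!/bin/sh
# Added example: read-only size report for Lucene .cfs files.
# Function names are hypothetical; nothing here deletes or modifies files.

DEFAULT_ROOT=/var/lib/rsamalware/spectrum   # path from the article

# Emit "<bytes><TAB><directory>" for every .cfs file under the root.
# Assumes paths contain no tabs or newlines.
_cfs_list() {
    find "${1:-$DEFAULT_ROOT}" -type f -name '*.cfs' 2>/dev/null |
    while IFS= read -r f; do
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s\t%s\n' "$size" "$(dirname "$f")"
    done
}

# Total bytes held in .cfs files (prints 0 if none are found).
cfs_total_bytes() {
    _cfs_list "$1" | awk -F '\t' '{ t += $1 } END { printf "%.0f\n", t }'
}

# Per-directory "<bytes><TAB><file count><TAB><directory>", largest first.
cfs_usage_by_dir() {
    _cfs_list "$1" | awk -F '\t' '
        { bytes[$2] += $1; files[$2]++ }
        END { for (d in bytes) printf "%.0f\t%d\t%s\n", bytes[d], files[d], d }
    ' | sort -t "$(printf '\t')" -k1,1nr
}

# Usage:
#   cfs_usage_by_dir /var/lib/rsamalware/spectrum
#   cfs_total_bytes  /var/lib/rsamalware/spectrum
```

Comparing the total against free space on the backup target before the backup scripts run shows whether the archive will fit.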