Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000035355 - Large Number of Large Files Associated with Malware Analysis Appliance in RSA Security Analytics

Document created by RSA Customer Support

on Jul 13, 2017

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000035355
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: SA Malware Analysis RSA Version/Condition: 10.5.x, 10.6.x Platform: CentOS O/S Version: 6
Issue	The Lucene Index on the Malware Appliance creates a large number of large index files over time. The more activity on the system, the more files will be created. These files may not be noticed until the backup scripts are run as the backup files for the Malware Appliance my be quite large. You may find numerous, large files with the file extension ".cfs" in these folders: /var/lib/rsamalware/spectrum/index/com.netwitness.malware.server.domain.model.FileEntry/_eug.cfs /var/lib/rsamalware/spectrum/index/com.netwitness.malware.server.event.domain.model.EventEntity/_h31.cfs /var/lib/rsamalware/spectrum/index/com.netwitness.malware.server.event.domain.model.MetaValue/_gux.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log.1_index/_6.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log.2_index/_8.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log.3_index/_2.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log.4_index/_7.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log.5_index/_0.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log.6_index/_4.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log.7_index/_0.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log.8_index/_f.cfs /var/lib/rsamalware/spectrum/logs/spectrum.log_index/_2.cfs /var/lib/rsamalware/spectrum/repository/index/_100.cfs This folder list is not exhaustive and you may find more folders with cfs files in this part of your appliance filesystem tree.
Cause	These files are used by the Lucene Index in the Malware appliance and are considered system files.
Resolution	There is no resolution for these files as they are considered normal. Removing the files will cause problems when restarting the Malware Appliance service and thus should not be removed. Using the Malware Appliance legacy WebUI "Data Reset" function does not remove these index files.

Attachments

Outcomes

0 Comments

Recommended Content