000035240 - How to change the core dump file location for RSA Web Threat Detection processes

Document created by RSA Customer Support Employee on Aug 5, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035240
Applies ToRSA Product Set: Web Threat Detection
Platform: Linux
IssueWhenever any of the RSA Web Threat Detection processes crashes, a core dump file is created under /var/log silvertail directory. The user wishes to write the core dump files to a different directory that has more space available.

The path for the core dump files is set inside /var/opt/silvertail/etc/service.conf file, under "ST_ERROR_DIR" value.
This will change the core dump path for all WTD processes, and will require a restart of all WTD components to reflect the change. 
Recommended approach is to:

1. Stop all of the RSA Web Threat Detection processes.
2. Make the configuration change in the /var/opt/silvertail/etc/service.conf, please note that you'll need to make the above change manually on all the WTD servers. 
(copied an example change below - changed the directory location from "/var/log/silvertail" --> "/var/log/silvertail/coredumps"):

# Write core files to ST_ERROR_DIR
# export ST_ERROR_DIR="/var/log/silvertail"
export ST_ERROR_DIR="/var/log/silvertail/coredumps"

3. Start Scout & Scout-Proxy processes on all server(s).
4. Log in to Scout from browser, and start the below four processes in-order:

a. AnnoDb
b. SiteProxy
c. SilverCat (Configuration Manager)
d. UIServer

5. Make a configuration push (empty push), through SilverCat (takes care of starting all the other WTD processes).