|Applies To||RSA Product Set: NetWitness Logs & Packets, Security Analytics|
RSA Product/Service Type: Event Stream Analysis (ESA), Advanced Threat Detection
RSA Version/Condition: 10.6.x
O/S Version: EL6
|Issue||The Event Stream Analysis may become unresponsive due to heavy resource usage, and the configuration for the wrapper may need to be adjusted.|
The following error is found in the /opt/rsa/esa/wrapper.log:
|Cause||Heavy resource usage may be caused by enabling features such as Automated Threat Detection for Logs in the ESA or when the source concentrators also have Group Aggregation configured on them.|
|Resolution||This issue is currently being investigated by the Engineering team in order to resolve it in a future release.|
|Workaround||You may need to change the ping time settings in the wrapper.conf file.|
Perform the following:
1. Connect to the ESA host via SSH as the root user.
2. Edit the wrapper.conf file.
3. Change the following setting (or add to bottom of file if line doesn't exist):
4. Add the following lines at the end of the file:
5. Restart the Event Stream Analysis service.