|Applies To||RSA Product Set: Netwitness Logs and Packets|
RSA Product/Service Type: Netwitness Logs and Packets
RSA Version/Condition: 10.6.x
|Issue||If Security Analytics Server and Malware Analysis OS timezone are not configured as UTC, it displays differences between "time meta-value" of Investigation and "time meta-value" of Malware GUI.|
In case of KST(Korea Standard Time) OS timezone, it shows 30 minutes time meta-value differences between Investigation and Malware GUI as shown below.
|Cause||This is because Security Analytics Server and Malware Analysis OS timezone is not configured as UTC as shown below.|
Mon Apr 9 14:23:39 KST 2018
# ls -ltr /etc/localtime
lrwxrwxrwx. 1 root root 30 Mar 15 09:33 /etc/localtime -> /usr/share/zoneinfo/Asia/Seoul
|Resolution||You can fix this issue if you change Security Analytics Server and Malware Analysis OS timezone as UTC.|
|Workaround||If the customer does not allow to change current OS timezone, follow these steps to fix this issue.|
1) SSH connect to Malware Analysis appliance
2) Add following phrase("-Duser.timezone=UTC") starting JAVA_OPTS variable from /etc/init/rsaMalwareDevice.conf as shown below.
3) Restart Malware Analysis service
# stop rsaMalwareDevice
# start rsaMalwareDevice
After above steps, the time difference issue will be resolved.