Article Content
Article Number | 000036341 |
Applies To | RSA Product Set: NetWitness Endpoint RSA Product/Service Type: NetWitness Endpoint RSA Version/Condition: 4.3, 4.4.0.0, 4.4.0.1, 4.4.0.2 Platform: Windows |
Issue | There are some different symptoms associated with this issue:
|
Cause | The MachineModulePaths and Modules tables have grown to a very large size due to a bug in the cleanup jobs that fail to remove entries that are MarkedAsDeleted=1. These tables grow to be over 100Gb in size, possibly much larger, and processing modules becomes so process intensive that the job runtimes are heavily impacted. Additionally, the UI becomes unable to cache such a large amount of module data and the Modules tab starts to become inaccessible attempting to load so many modules and the associated meta. SELECT COUNT(*) FROM MachineModulePaths //MachineModulePaths count (No column name) 294338222 NOTE: Attempting to run a select * statement on these tables may take long periods of time to complete, generally it is better when it starts to hang to simply cancel the query and run a select count(*) to verify the number of entries in these tables SELECT COUNT(*) FROM Modules //Number of total modules 40300103 |
Resolution | This issue was fixed as part of a patch that was applied to 4.4.0.3 and all later versions of Netwitness Endpoint. Upgrading to 4.4.0.3+ will allow the cleanup jobs to begin rolling off this excess data but may take weeks to bring the MachineModulesPath and Modules tables down to a small enough number of entries that performance is considerably improved. Verification
|