|Applies To||RSA Product Set: NetWitness Logs & Network|
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.6.x
|Issue||The Malware Analysis service crashes randomly and shows up as offline in the SA UI > Services pane.|
|Cause||This issue is sometimes caused because the Garbage Collector has run out of memory. You can confirm that if you find occurrences of the following error in the spectrum.log:|
The log is located in /var/lib/netwitness/rsamalware/spectrum/logs/spectrum.log.
|Resolution||Try increasing the Max Heap Memory by changing the /etc/init/rsaMalwareDevice.conf file with the following values:|
Change the following line:
Then restart the service:
Monitor the service for a few days to confirm that the issue is solved. If the issue reappears, please contact RSA Customer Support to open a technical case.
|Workaround||Restarting the service will temporarily solve the problem since the memory used by the garbage collector will be cleared, however, the service will crash once the memory limit is exceeded again.|