000036822 - Malware Analysis service randomly going offline in RSA NetWitness Logs & Network 10.6.x

Document created by RSA Customer Support Employee on Oct 10, 2018
Version 1

Article Content

Article Number: 000036822
Applies To: RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.6.x
Issue: The Malware Analysis service crashes randomly and shows up as offline in the SA UI > Services pane.
Cause: This issue is sometimes caused by the Garbage Collector running out of memory. You can confirm this by looking for occurrences of the following error in spectrum.log:

java.lang.OutOfMemoryError: GC overhead limit exceeded

The log is located in /var/lib/netwitness/rsamalware/spectrum/logs/spectrum.log.
Resolution: Try increasing the Max Heap Memory by editing the /etc/init/rsaMalwareDevice.conf file as follows.

Change the following line:

env JAVA_HIGH="-Xmx4096M"

to:

env JAVA_HIGH="-Xmx8192M"

Then restart the service:

stop rsaMalwareDevice
start rsaMalwareDevice

Monitor the service for a few days to confirm that the issue is solved. If the issue reappears, please contact RSA Customer Support to open a technical case.
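
A read-only pre-check for the confirmation step and the heap setting described above, as an added example that is not part of the RSA article. The function names, result strings and the SPECTRUM_LOG/UPSTART_CONF override variables are assumptions; the paths, the error string and the JAVA_HIGH line are the ones the article gives.

```shell
#!/bin/sh
# Added example: checks for the documented error and reads the current -Xmx value.
# Defaults are the article's paths; override the variables to test on copies.
SPECTRUM_LOG="${SPECTRUM_LOG:-/var/lib/netwitness/rsamalware/spectrum/logs/spectrum.log}"
UPSTART_CONF="${UPSTART_CONF:-/etc/init/rsaMalwareDevice.conf}"

# Count log lines containing the GC overhead error (prints 0 if unreadable).
count_gc_oom() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cF 'java.lang.OutOfMemoryError: GC overhead limit exceeded' "$1" || true
}

# Print the heap size in MB from the env JAVA_HIGH="-Xmx<N>M" line, if present.
current_xmx_mb() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*env[[:space:]]\{1,\}JAVA_HIGH="-Xmx\([0-9]\{1,\}\)M".*/\1/p' "$1" | tail -n 1
}

# Classify the host: does the documented heap change apply? (labels are hypothetical)
check_malware_heap() {
    hits=$(count_gc_oom "$1")
    xmx=$(current_xmx_mb "$2")
    if [ "$hits" -eq 0 ]; then
        echo "no-oom"                   # error not in the log: look for another cause
    elif [ -z "$xmx" ]; then
        echo "oom-heap-unknown"         # error present, JAVA_HIGH line not found
    elif [ "$xmx" -lt 8192 ]; then
        echo "oom-raise-heap"           # error present, heap below the article's value
    else
        echo "oom-heap-already-raised"  # error persists at 8192M or more
    fi
}

# Run the check on constructed sample files (only the error string and the
# config line come from the article; everything else is made up).
demo_constructed() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed line: worker started' \
        'java.lang.OutOfMemoryError: GC overhead limit exceeded' > "$d/spectrum.log"
    printf '%s\n' 'env JAVA_HIGH="-Xmx4096M"' > "$d/rsaMalwareDevice.conf"
    check_malware_heap "$d/spectrum.log" "$d/rsaMalwareDevice.conf"
    rm -rf "$d"
}

check_malware_heap "$SPECTRUM_LOG" "$UPSTART_CONF"
```

A result of oom-heap-already-raised corresponds to the case where the issue reappears after the change.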
Workaround: Restarting the service temporarily solves the problem, since the memory used by the garbage collector is cleared. However, the service will crash again once the memory limit is exceeded.