Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036822 - Malware Analysis service randomly going offline in RSA NetWitness Logs & Network 10.6.x

Document created by RSA Customer Support

on Oct 10, 2018

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000036822
Applies To	RSA Product Set: NetWitness Logs & Network RSA Product/Service Type: Malware Analysis RSA Version/Condition: 10.6.x
Issue	The Malware Analysis service crashes randomly and shows up as offline in the SA UI > Services pane.
Cause	This issue is sometimes caused because the Garbage Collector has run out of memory. You can confirm that if you find occurrences of the following error in the spectrum.log: java.lang.OutOfMemoryError: GC overhead limit exceeded The log is located in /var/lib/netwitness/rsamalware/spectrum/logs/spectrum.log.
Resolution	Try increasing the Max Heap Memory by changing the /etc/init/rsaMalwareDevice.conf file with the following values: Change the following line: FROM: env JAVA_HIGH="-Xmx4096M" TO: env JAVA_HIGH="-Xmx8192M" Then restart the service: stop rsaMalwareDevice start rsaMalwareDevice Monitor the service for a few days to confirm that the issue is solved. If the issue reappears, please contact RSA Customer Support to open a technical case.
Workaround	Restarting the service will temporarily solve the problem since the memory used by the garbage collector will be cleared, however, the service will crash once the memory limit is exceeded again.

Attachments

Outcomes

0 Comments

Recommended Content