The time between the entries:

25 Mar 2011 01:32:58,488 INFO  [com.rsa.risk.batches.bayesian.BayesianScoringOnUsersTH$BuildScoringStat] 130103436397715382684961196 thread(12) of BayesianScoring handled 689 records.
25 Mar 2011 03:53:23,708 INFO  [com.rsa.risk.CRiskEngine] 130103370211133438011594 starting task [Score Normalization Using Bayesian]

in the aa_re.log log file for the offline task gets progressively longer. 

In a typical implementation fraud is an extremly rare phenomena so the offline task processes every occurence of fraud. Conversely genuine transactions are common so only a small sample of all genuine transactions are processed. Customers encountering this issue should first run the query above to determine if the number of events marked as fraud is high. If it is then first check to see that whenever the recommended action from an ANALYZE is CHALLENGE that a challenge is performed since abandoned challenges will be marked as fraud and a large number of abandoned challenges is a common cause for this problem.

If a high number fo frauds is not the cause then refer to the configuration guide and adjust the Baysiean sampling size.

The following SQL counts the number of fraud entries:

ORACLE:

select to_char(sys_creation_date,'YYYY MM DD'),sum(decode(FRAUD_SUSPECT_DATE,null,1,0))
as FS_DATE_NULL,sum(decode(resolution,'F',1,0)) as RESOLUTION_F,<br>
sum(decode(CHALLENGE_SUCCESSFUL,'N',1,0)) as CHALL_SUCC_N,count(*) total_rows
from rsa_core.event_log group by to_char(sys_creation_date,'YYYY MM DD')
order by 1

DB2:

select to_char(sys_creation_date,'YYYY MM DD'),sum(decode(FRAUD_SUSPECT_DATE,cast(null as char(8)),1,0))
as FS_DATE_NULL,sum(decode(resolution,'F',1,0)) as RESOLUTION_F,
sum(decode(CHALLENGE_SUCCESSFUL,'N',1,0)) as CHALL_SUCC_N,count(*) total_rows
from pmsecure.event_log group by to_char(sys_creation_date,'YYYY MM DD')
order by 1