After upgrading to Security Analytics 10.6.0.0, /var/log/messages is flooded with rsa_audit_onramp messages as shown in the example below.
Jun 2 02:30:52 SA_HOST rsa_audit_onramp: Publishing to MessageBus failed.
Jun 2 02:31:12 SA_HOST rsa_audit_onramp: Publishing to MessageBus restored.
Jun 2 22:45:44 SA_HOST rsa_audit_onramp: publishing
Jun 2 22:45:44 SA_HOST rsa_audit_onramp: publishng
Because so many of these events are logged, meaningful events are rolled out of /var/log/messages more quickly.
The issue is caused by a bug in /usr/sbin/rsa_audit_onramp.
This issue has been resolved in Security Analytics 10.6.0.1.
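To confirm that a host is affected, and to check after the upgrade that the flood has stopped, the following added example (not RSA's code) measures how much of a syslog file consists of rsa_audit_onramp lines. The function names `onramp_share` and `onramp_per_hour` are hypothetical, and the script assumes the classic syslog line layout shown above.

```shell
#!/bin/sh
# Added example: quantify rsa_audit_onramp noise in a syslog file.
# Assumes the classic layout: Mon DD HH:MM:SS HOST TAG[pid]: message

# onramp_share FILE -> "<onramp_lines> <total_lines> <percent>"
onramp_share() {
    awk '
        {
            total++
            tag = $5
            sub(/(\[[0-9]+\])?:$/, "", tag)   # strip optional [pid] and colon
            if (tag == "rsa_audit_onramp") hits++
        }
        END {
            pct = (total > 0) ? int(hits * 100 / total) : 0
            printf "%d %d %d\n", hits, total, pct
        }
    ' "$1"
}

# onramp_per_hour FILE -> "<count> Mon DD HH" per hour, busiest first
onramp_per_hour() {
    awk '
        {
            tag = $5
            sub(/(\[[0-9]+\])?:$/, "", tag)
            if (tag == "rsa_audit_onramp") {
                split($3, hms, ":")
                n[$1 " " $2 " " hms[1]]++
            }
        }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -rn
}

# Constructed sample: the four lines from the article plus one unrelated event.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jun 2 02:30:52 SA_HOST rsa_audit_onramp: Publishing to MessageBus failed.
Jun 2 02:31:12 SA_HOST rsa_audit_onramp: Publishing to MessageBus restored.
Jun 2 02:40:01 SA_HOST sshd[2211]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Jun 2 22:45:44 SA_HOST rsa_audit_onramp: publishing
Jun 2 22:45:44 SA_HOST rsa_audit_onramp: publishng
EOF
onramp_share "$sample"
onramp_per_hour "$sample"
rm -f "$sample"
```

On a live appliance, pass /var/log/messages (and its rotated copies) instead of the sample file; a high percentage together with short intervals between rotations matches the symptom described here.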