We're having problems with RSA Security Analytics stopping decoders with full disk space. First, a decoder stopped due lack of space on a partition with dumps generated by errors.
Today, a log decoder stopped with full /var/log due several messages going to /var/log/messages:
Sep 1 19:30:17 sa105sas01 ...ere='time=\"2015-08-12 08:10:00\"-\"2015-08-12 08:50:59\"', options=InvestigationOptions{options={date_range=com.netwitness.platform.server.common.domain.model.DateRange@25fca493, total_by=SESSION_COUNT, order_by=TOTAL, time_range_type=CUSTOM, sort_order=DESCENDING}, dateRange=com.netwitness.platform.server.common.domain.model.DateRange@25fca493, orderBy=TOTAL, sortOrder=DESCENDING, timeRangeType=CUSTOM, totalBy=SESSION_COUNT}, metaAliases={}, aggregateFunction='null', aggregateFieldName='null', min=null, max=null}","severity":6,"userRole":"Administrators+Administrators+PRIVILEGED_CONNECTION_AUTHORITY"}
Sep 1 19:30:17 sa105sas01 ...ere='time=\"2015-08-12 08:10:00\"-\"2015-08-12 08:50:59\"', options=InvestigationOptions{options={date_range=com.netwitness.platform.server.common.domain.model.DateRange@66356e87, total_by=SESSION_COUNT, order_by=TOTAL, time_range_type=CUSTOM, sort_order=DESCENDING}, dateRange=com.netwitness.platform.server.common.domain.model.DateRange@66356e87, orderBy=TOTAL, sortOrder=DESCENDING, timeRangeType=CUSTOM, totalBy=SESSION_COUNT}, metaAliases={}, aggregateFunction='null', aggregateFieldName='null', min=null, max=null}","severity":6,"userRole":"Administrators+Administrators+PRIVILEGED_CONNECTION_AUTHORITY"}
Sep 1 19:30:29 sa105sas01 ...='time=\"2015-08-12 08:10:00\"-\"2015-08-12 08:50:59\"', options=InvestigationOptions{options={date_range=com.netwitness.platform.server.common.domain.model.DateRange@7348515b, total_by=SESSION_COUNT, order_by=TOTAL, time_range_type=CUSTOM, sort_order=DESCENDING}, dateRange=com.netwitness.platform.server.common.domain.model.DateRange@7348515b, orderBy=TOTAL, sortOrder=DESCENDING, timeRangeType=CUSTOM, totalBy=SESSION_COUNT}, metaAliases={}, aggregateFunction='null', aggregateFieldName='null', min=null, max=null}","severity":6,"userRole":"Administrators+Administrators+PRIVILEGED_CONNECTION_AUTHORITY"}
Is there a way to implement a fix or some configuration to avoid these issues?
Regards
We experienced a similar issue to this. Our metaDB was filling up past 95% disk space and wasn't able to roll the logs quickly enough, resulting in the service crashing.
What's your disk usage like? In the CLI, do "df -lah" to see your usage.