AnsweredAssumed Answered

Decoder stopping with disk space issues

Question asked by RSA Admin Employee on Sep 1, 2015
Latest reply on Sep 9, 2015 by Jesse Carleton

We're having problems with RSA Security Analytics stopping decoders with full disk space. First, a decoder stopped due lack of space on a partition with dumps generated by errors.

 

Today, a log decoder stopped with full /var/log due several messages going to /var/log/messages:

 

Sep  1 19:30:17 sa105sas01 ...ere='time=\"2015-08-12 08:10:00\"-\"2015-08-12 08:50:59\"', options=InvestigationOptions{options={date_range=com.netwitness.platform.server.common.domain.model.DateRange@25fca493, total_by=SESSION_COUNT, order_by=TOTAL, time_range_type=CUSTOM, sort_order=DESCENDING}, dateRange=com.netwitness.platform.server.common.domain.model.DateRange@25fca493, orderBy=TOTAL, sortOrder=DESCENDING, timeRangeType=CUSTOM, totalBy=SESSION_COUNT}, metaAliases={}, aggregateFunction='null', aggregateFieldName='null', min=null, max=null}","severity":6,"userRole":"Administrators+Administrators+PRIVILEGED_CONNECTION_AUTHORITY"}

Sep  1 19:30:17 sa105sas01 ...ere='time=\"2015-08-12 08:10:00\"-\"2015-08-12 08:50:59\"', options=InvestigationOptions{options={date_range=com.netwitness.platform.server.common.domain.model.DateRange@66356e87, total_by=SESSION_COUNT, order_by=TOTAL, time_range_type=CUSTOM, sort_order=DESCENDING}, dateRange=com.netwitness.platform.server.common.domain.model.DateRange@66356e87, orderBy=TOTAL, sortOrder=DESCENDING, timeRangeType=CUSTOM, totalBy=SESSION_COUNT}, metaAliases={}, aggregateFunction='null', aggregateFieldName='null', min=null, max=null}","severity":6,"userRole":"Administrators+Administrators+PRIVILEGED_CONNECTION_AUTHORITY"}

Sep  1 19:30:29 sa105sas01 ...='time=\"2015-08-12 08:10:00\"-\"2015-08-12 08:50:59\"', options=InvestigationOptions{options={date_range=com.netwitness.platform.server.common.domain.model.DateRange@7348515b, total_by=SESSION_COUNT, order_by=TOTAL, time_range_type=CUSTOM, sort_order=DESCENDING}, dateRange=com.netwitness.platform.server.common.domain.model.DateRange@7348515b, orderBy=TOTAL, sortOrder=DESCENDING, timeRangeType=CUSTOM, totalBy=SESSION_COUNT}, metaAliases={}, aggregateFunction='null', aggregateFieldName='null', min=null, max=null}","severity":6,"userRole":"Administrators+Administrators+PRIVILEGED_CONNECTION_AUTHORITY"}


Is there a way to implement a fix or some configuration to avoid these issues?


Regards

Outcomes