.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Command to increase the polling interval for Health & Wellness on the RSA Security Analytics server
Issue
Because the polling interval is very short by default for the System Monitoring Service (SMS), the RabbitMQ service may crash in certain circumstances.For more information, refer to the article entitled RSA Security Analytics UI becomes unavailable because the System Monitoring message queue is full.
The default intervals are shown in the command below.
[root@SA-Server ~]# updatedb && locate --regex ".conf.erb$" | xargs grep "interval"
/etc/puppet/modules/archiver/templates/NwArchiver.conf.erb: interval "10"
/etc/puppet/modules/archiver/templates/NwArchiver.conf.erb: interval "60"
/etc/puppet/modules/broker/templates/NwBroker.conf.erb: interval "5"
/etc/puppet/modules/broker/templates/NwBroker.conf.erb: interval "60"
/etc/puppet/modules/concentrator/templates/NwConcentrator.conf.erb: interval "10"
/etc/puppet/modules/concentrator/templates/NwConcentrator.conf.erb: interval "60"
/etc/puppet/modules/decoder/templates/NwDecoder.conf.erb: interval "10"
/etc/puppet/modules/decoder/templates/NwDecoder.conf.erb: interval "60"
/etc/puppet/modules/ipdbextractor/templates/NwIPDBExtractor.conf.erb: interval "10"
/etc/puppet/modules/ipdbextractor/templates/NwIPDBExtractor.conf.erb: interval "60"
/etc/puppet/modules/logcollector/templates/NwLogCollector.conf.erb: interval "10"
/etc/puppet/modules/logcollector/templates/NwLogCollector.conf.erb: interval "60"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder.conf.erb: interval "10"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder.conf.erb: interval "60"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder_ESM.conf.erb: interval "600"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder_ESM.conf.erb: interval "60"
/etc/puppet/modules/warehouseconnector/templates/NwWarehouseConnector.conf.erb: interval "10"
/etc/puppet/modules/warehouseconnector/templates/NwWarehouseConnector.conf.erb: interval "60"
/etc/puppet/modules/workbench/templates/NwWorkbench.conf.erb: interval "10"
/etc/puppet/modules/workbench/templates/NwWorkbench.conf.erb:# interval "60"
/etc/puppet/modules/archiver/templates/NwArchiver.conf.erb: interval "10"
/etc/puppet/modules/archiver/templates/NwArchiver.conf.erb: interval "60"
/etc/puppet/modules/broker/templates/NwBroker.conf.erb: interval "5"
/etc/puppet/modules/broker/templates/NwBroker.conf.erb: interval "60"
/etc/puppet/modules/concentrator/templates/NwConcentrator.conf.erb: interval "10"
/etc/puppet/modules/concentrator/templates/NwConcentrator.conf.erb: interval "60"
/etc/puppet/modules/decoder/templates/NwDecoder.conf.erb: interval "10"
/etc/puppet/modules/decoder/templates/NwDecoder.conf.erb: interval "60"
/etc/puppet/modules/ipdbextractor/templates/NwIPDBExtractor.conf.erb: interval "10"
/etc/puppet/modules/ipdbextractor/templates/NwIPDBExtractor.conf.erb: interval "60"
/etc/puppet/modules/logcollector/templates/NwLogCollector.conf.erb: interval "10"
/etc/puppet/modules/logcollector/templates/NwLogCollector.conf.erb: interval "60"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder.conf.erb: interval "10"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder.conf.erb: interval "60"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder_ESM.conf.erb: interval "600"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder_ESM.conf.erb: interval "60"
/etc/puppet/modules/warehouseconnector/templates/NwWarehouseConnector.conf.erb: interval "10"
/etc/puppet/modules/warehouseconnector/templates/NwWarehouseConnector.conf.erb: interval "60"
/etc/puppet/modules/workbench/templates/NwWorkbench.conf.erb: interval "10"
/etc/puppet/modules/workbench/templates/NwWorkbench.conf.erb:# interval "60"
Resolution
The script to update the polling intervals where necessary is listed below.
[root@SA-Server ~]# updatedb && for files in $(locate --regex ".conf.erb$");do sed -i 's/interval "60"/interval "180"/g' $files; sed -i 's/interval "10"/interval "60"/g' $files;done && sed -i 's/interval 60/interval 180/g' /etc/puppet/modules/rsa-sms-server/files/_collectd_java.conf && sed -i 's/interval "5"/interval "60"/g' /etc/puppet/modules/broker/templates/NwBroker.conf.erb && service puppet restart
Stopping puppet agent: [ OK ]
Starting puppet agent: [ OK ]
Stopping puppet agent: [ OK ]
Starting puppet agent: [ OK ]
The output below shows the new polling intervals after the script has been executed.
[root@SA-Server ~]# locate --regex ".conf.erb$" | xargs grep "interval"
/etc/puppet/modules/archiver/templates/NwArchiver.conf.erb: interval "60"
/etc/puppet/modules/archiver/templates/NwArchiver.conf.erb: interval "180"
/etc/puppet/modules/broker/templates/NwBroker.conf.erb: interval "180"
/etc/puppet/modules/broker/templates/NwBroker.conf.erb: interval "180"
/etc/puppet/modules/concentrator/templates/NwConcentrator.conf.erb: interval "60"
/etc/puppet/modules/concentrator/templates/NwConcentrator.conf.erb: interval "180"
/etc/puppet/modules/decoder/templates/NwDecoder.conf.erb: interval "60"
/etc/puppet/modules/decoder/templates/NwDecoder.conf.erb: interval "180"
/etc/puppet/modules/ipdbextractor/templates/NwIPDBExtractor.conf.erb: interval "60"
/etc/puppet/modules/ipdbextractor/templates/NwIPDBExtractor.conf.erb: interval "180"
/etc/puppet/modules/logcollector/templates/NwLogCollector.conf.erb: interval "60"
/etc/puppet/modules/logcollector/templates/NwLogCollector.conf.erb: interval "180"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder.conf.erb: interval "60"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder.conf.erb: interval "180"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder_ESM.conf.erb: interval "600"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder_ESM.conf.erb: interval "180"
/etc/puppet/modules/warehouseconnector/templates/NwWarehouseConnector.conf.erb: interval "60"
/etc/puppet/modules/warehouseconnector/templates/NwWarehouseConnector.conf.erb: interval "180"
/etc/puppet/modules/workbench/templates/NwWorkbench.conf.erb: interval "60"
/etc/puppet/modules/workbench/templates/NwWorkbench.conf.erb:# interval "180"
[root@rsaaio ~]# cat /etc/puppet/modules/rsa-sms-server/files/_collectd_java.conf | grep interval
interval 180
/etc/puppet/modules/archiver/templates/NwArchiver.conf.erb: interval "60"
/etc/puppet/modules/archiver/templates/NwArchiver.conf.erb: interval "180"
/etc/puppet/modules/broker/templates/NwBroker.conf.erb: interval "180"
/etc/puppet/modules/broker/templates/NwBroker.conf.erb: interval "180"
/etc/puppet/modules/concentrator/templates/NwConcentrator.conf.erb: interval "60"
/etc/puppet/modules/concentrator/templates/NwConcentrator.conf.erb: interval "180"
/etc/puppet/modules/decoder/templates/NwDecoder.conf.erb: interval "60"
/etc/puppet/modules/decoder/templates/NwDecoder.conf.erb: interval "180"
/etc/puppet/modules/ipdbextractor/templates/NwIPDBExtractor.conf.erb: interval "60"
/etc/puppet/modules/ipdbextractor/templates/NwIPDBExtractor.conf.erb: interval "180"
/etc/puppet/modules/logcollector/templates/NwLogCollector.conf.erb: interval "60"
/etc/puppet/modules/logcollector/templates/NwLogCollector.conf.erb: interval "180"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder.conf.erb: interval "60"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder.conf.erb: interval "180"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder_ESM.conf.erb: interval "600"
/etc/puppet/modules/logdecoder/templates/NwLogDecoder_ESM.conf.erb: interval "180"
/etc/puppet/modules/warehouseconnector/templates/NwWarehouseConnector.conf.erb: interval "60"
/etc/puppet/modules/warehouseconnector/templates/NwWarehouseConnector.conf.erb: interval "180"
/etc/puppet/modules/workbench/templates/NwWorkbench.conf.erb: interval "60"
/etc/puppet/modules/workbench/templates/NwWorkbench.conf.erb:# interval "180"
[root@rsaaio ~]# cat /etc/puppet/modules/rsa-sms-server/files/_collectd_java.conf | grep interval
interval 180
Product Details
RSA Product Set: Security AnalyticsRSA Product/Service Type: Security Analytics Server, Health & Wellness
RSA Version/Condition: 10.4.x, 10.5.x
Platform: CentOS
O/S Version: EL6
Approval Reviewer Queue
Technical approval queue