How to disable IPv6 at the kernel level on RSA Security Analytics appliances
Issue
How to disable IPv6 at the kernel level on RSA Security Analytics appliances.
Resolution
When RSA Security Analytics parses the Concentrator logs, the client.ip is sometimes displayed with a preceding "::ffff:" (the IPv4-mapped IPv6 prefix), which makes it impossible to parse the IPv4 address. Disabling IPv6 on the individual interfaces makes no apparent difference. The log looks like the following:
User admin (session 632, [::ffff:192.168.123.249]:56617) has requested the SDK language: id1=0 id2=0 time1=0 time2=0 options flags=1 size=10000
To disable IPv6, follow the steps below:
- Edit the file /etc/sysctl.conf:
vi /etc/sysctl.conf
- Add the following lines:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
- Save and exit the file.
- Execute the following command to apply the changes:
sysctl -p
To re-enable IPv6, remove the above lines from /etc/sysctl.conf and reboot the machine.
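The steps above as an idempotent script, including the case where one of the keys is already present with a different value. This is an added example, not part of the original article; the function names are hypothetical, and the optional ROOT argument exists only so the runtime check can be exercised against a constructed directory.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# set_sysctl_key FILE KEY VALUE
# Rewrite an active "KEY = ..." line in place, or append one if none exists,
# so repeated runs never leave duplicate or conflicting entries.
set_sysctl_key() {
    file=$1 key=$2 value=$3
    # Escape dots so the key is matched literally by grep/sed.
    pattern=$(printf '%s' "$key" | sed 's/\./\\./g')
    if grep -Eq "^[[:space:]]*${pattern}[[:space:]]*=" "$file"; then
        tmp=$(mktemp) || return 1
        # cat back into place keeps the original file's owner and mode.
        sed -E "s|^[[:space:]]*${pattern}[[:space:]]*=.*|${key} = ${value}|" \
            "$file" > "$tmp" && cat "$tmp" > "$file"
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
    # Make sure the new entry starts on its own line.
    if [ -n "$(tail -c1 "$file")" ]; then echo >> "$file"; fi
    printf '%s = %s\n' "$key" "$value" >> "$file"
}

# disable_ipv6_conf FILE: apply both settings from the article to FILE.
disable_ipv6_conf() {
    for k in net.ipv6.conf.all.disable_ipv6 net.ipv6.conf.default.disable_ipv6; do
        set_sysctl_key "$1" "$k" 1 || return 1
    done
}

# ipv6_disabled_runtime [ROOT]: succeed only if the running kernel reports
# both values as 1. ROOT defaults to /proc/sys; a missing file counts as failure.
ipv6_disabled_runtime() {
    root=${1:-/proc/sys}
    for scope in all default; do
        [ "$(cat "$root/net/ipv6/conf/$scope/disable_ipv6" 2>/dev/null)" = "1" ] || return 1
    done
}

# Demo on a constructed sample file rather than the live /etc/sysctl.conf.
demo=$(mktemp)
printf 'kernel.sysrq = 0\nnet.ipv6.conf.all.disable_ipv6 = 0\n' > "$demo"
disable_ipv6_conf "$demo" && cat "$demo"
rm -f "$demo"
```

On the appliance itself, the equivalent of the manual steps is disable_ipv6_conf /etc/sysctl.conf followed by sysctl -p, after which ipv6_disabled_runtime confirms the running kernel picked up both values.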
Internal Comments
UserName:melim
8/5/2014 5:43:09 PM - review
sent an email to Ruby and gave some feedback on the KB:
From: Meli, Marco
Sent: 05 August 2014 18:42
To: Mathai, Ruby
Subject: KB a67152 - review
Hi Ruby,
I am reviewing your KB article a67152. I have modified a bit the fonts. Please, see the attached instructions for next time.
Can you please add to the case as a symptom, under what circumstance a customer would require to disable the IPv6 at kernel level? This would help to improve the article as it gives a scope.
Let me know if you have any questions.
Regards,
Marco Meli | Technical Support Engineer
UserName:shurtj
8/12/2014 2:37:36 PM - Updated Article
Updated article and made changes to abide by Primus best practices.
UserName:almirm
8/28/2019 11:54 AM - Updated Article
Updated product version and added detailed steps on editing the configuration file.
Product Details
RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: All hosts
RSA Version/Condition: 10.x
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue