The content you are looking for has been archived. View related content below.
RSA Security Analytics parses the Concentrator logs and sometimes the client.ip is displayed with preceding "::fff:" which makes it not possible to parse the IPv4 IP. User tries to disable IPv6 under the interfaces but no differences are apparent. The log looks like the following:
User admin (session 632, [::ffff:192.168.123.249]:56617) has requested the SDK language: id1=0 id2=0 time1=0 time2=0 options flags=1 size=10000
To disable IPv6, follow the steps below:
vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
sysctl -p