Article Number
000033276
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Hosts
RSA Version/Condition: 10.6.0.0
Platform: CentOS
O/S Version: 6
Issue
After upgrading to Security Analytics 10.6.0.0, /var/log/messages is flooded with
rsa_audit_onramp messages as shown in the example below.
Jun 2 02:30:52 SA_HOST rsa_audit_onramp: Publishing to MessageBus failed.
Jun 2 02:31:12 SA_HOST rsa_audit_onramp: Publishing to MessageBus restored.
Jun 2 22:45:44 SA_HOST rsa_audit_onramp: publishing
Jun 2 22:45:44 SA_HOST rsa_audit_onramp: publishng
Due to the extensive number of such events logged, /var/log/messages rolls out meaningful events more quickly.
Cause
The issue is caused by a bug in /usr/sbin/rsa_audit_onramp.
Resolution
This issue has been resolved in Security Analytics 10.6.0.1.