Mitigator Memory Increasing Daily in RSA Web Threat Detection 5.1
Originally Published: 2016-03-24
Article Number
Applies To
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1
Platform: CentOS
Issue
Example customer statement:
Consumption of machine memory is increasing daily and causing alerts issue occurs when it is longer than 2 weeks v5.1.1.5
Error Message: none Recent
Changes: none
Business Impact: SEV 2, partner requested, unknown impact
Tasks
1. View the Varz Graph, looking at memory utilization.
2. Go to the Schema and look at the 'Mitigator' configuration, look for WindowSize and check the settings.
If they are not seen, push 'Edit' to see if the default setting is there. (This would only appear on Edit if it was never changed from default in the past.)
3. Go to rules, and ask the Customer if they are using a lot of rules with wildcards ' * '.
This tends to cause extra memory consumption due to the need to keep all pages in memory for each attribute, i.e., for each click.
4. Ask the Customer if they have a lot of testing going on in their environment that may cause spikes of many hits on only one or two IP addresses.
Resolution
Depending on what is seen for the schema in the configuration manager, they may have the default setting of 24 hours and 1 'pane'.
Our R&D research has shown that this default setting can be 'tuned' for improved response,
e.g., seeing memory being released and not growing as large day to day.
(Take a look at the VARZ graph for the Mitigator memory and look for steady trends in increased memory. This would indicate
that default settings are in place as not enough memory is being released with the current setting. There may be sharp decreases
when the service is restarted, which releases memory, but it is still followed by a steady rise, as just release the memory does not resolve the issue.)
If a change is needed, it should be gradual, made in small increments and observed over several days. Recommend a window change to 12 hours
and keep the setting of 1 pane. Tell the Customer that they should see more memory being released after 3 or 4 days and steadier,
more even day to day utilization, rather than a sharply rising graph.
2. Ask the Customer to continue to work on the Rules and IP Filters.
These steps will take time for the Customer to research, change and observe for improvement.
You may be able to close the case at this time, and have them reopen if needed.
Related Articles
How to adjust the Access Fulfillment Express (AFX) test connector capabilities timeout value in RSA Identity Governance & … Number of Views RSA Authentication Agent 2.0.2 for Citrix StoreFront Administrator's Guide Number of Views After changing RSA Authentication Manager 8.X virtual host information CT-KIP token provisioning fails. Number of Views Linux commands used to manage RSA Identity Governance & Lifecycle services Number of Views List of Trusted Certificate Authorities for HFED and Trusted Headers Applications Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
