Created on 09-27-2016 06:35 AM Edited on 04-07-2022 01:48 PM By Anonymous
Description
After I upgrade VA to 3.6.2, I start receiving many email notification which says “Cleared by System”.
This is new feature introduced in 3.6.2. VA automatically clears an incident which is Active for more than 1 day. This functionality was added to address memory consumption by Rule Master process.
If the root cause of the incident is still actually remaining, the incident will be generated again.
Recommendation
We recommend you address and clear all incidents as soon as possible. If you do not please follow the work around:
Workaround
If you want to change the time period that System will allow Incidents to stay Active follow these steps:
1. login to ssh as admin
2. cd /opt/phoenix/config
3. vi phoenix_config.txt and find “deprecated_time”
4. change value of deprecated_time accordingly
By default, it is 86400 = 1 day. We do not recommend to increase this value too large. By increasing this value, phRuleMaster process will consume more memory.
5. save phoenix_config.txt and exit vi
6. killall -9 phRuleMaster
A future version of AO will provide a UI method for modifying this value.
3.6.2+
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.