ThreatFactor NSIA

h1. Troubleshooting

h2. NSIA Runs Out of Memory

To resolve this either:

* Reduce the rate of the scans (this is preferred)

* Increase the amount of memory available to NSIA

Note that NSIA has a limit on the maximum amount of memory that it will use which is independent of the amount of memory that the server it if running on has. In other words, NSIA may be running out of memory even though the server has plenty of available memory. The maximum limit can be modified by changing the Java settings

h3. Reducing the Scan Rate

To reduce the scan rate, open the configuration page (i.e. http://127.0.0.1:8080/System/Configuration) and reduce the "Maximum HTTP Scan Threads" setting. By default, the system will allocate 10 threads to scanning at one time. Reducing the number of threads will reduce the memory and CPU usage of the system at any one time.

Additionally, reducing the scan frequency of the individual rules may be necessary to reduce the load on the system. Finally, system load can be reduced by decreasing the number of resources to be scanned by lowering the depth or resource limit on HTTP Auto-Discovery rules. However, note that reducing the number of resources to scan reduces the chance that NSIA will detect a security problem. Generally, this option should be avoided.

h3. Increasing Memory

The Java Runtime Environment contains a setting that limits how much memory the application uses. To increase this value, edit the config.ini file and change the value of the JVM.Arguments option. The value of the argument should be "-Xmx" followed by the amount of mamoery you want allocated to the JRE. Below is a sample of a config.ini file that allocates up to 2 GB:

<pre>

JVM.Arguments=-Xmx2g

</pre>

Note that the config.ini file will only have an effect if the NSIA binaries are used (such as "ThreatFactor NSIA.exe" or "ThreatFactor NSIA Service.exe"). You'll need to set the options to the JVM if you are calling it directly. Note that the daemon script that is provided with NSIA will need to be modified to change the memory settings for the the daemon.

h2. NSIA Terminates Indicating "invalid maximum heap size"

NSIA may fail if the memory settings are incorrect with a message such as:

<pre>

Invalid maximum heap size: -Xmx512m

Could not create the Java virtual machine.

</pre>

The settings need to be changed to be more conservative such as:

<pre>

JVM.Arguments=-Xms40m -Xmx256m

</pre>

h2. NSIA Service Terminates

The NSIA service will terminate if the underlying NSIA application could not be executed. The Windows event log may include a message such as: "NSIA has stopped unexpectedly, the service will now shutdown too".

To debug this issue, run NSIA directly (as opposed to running the service) and see if it runs without the service. Follow the instructions below to run it directly:

 # Open a command prompt (Start Menu > Run > cmd.exe)

 # Change to the path that NSIA was installed in (e.g. cd "C:\Program Files\ThreatFactor.com NSIA\")

 # Change to the bin path (cd bin)

 # Run NSIA.jar ("java -jar nsia./jar")

This should start NSIA or throw an error if it could not be launched. Most likely it will fail (since the service could not start it either) indicating why it could not be executed.