Help
FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
nmathur
Staff
Staff

Created on ‎07-28-2020 01:14 AM Edited on ‎08-01-2024 02:28 AM By Community Manager

Article Id 190194

Technical Tip: Playbooks fail to run on heavy records

Description

 

This article describes that if there is a record that is heavy because it contains several pictures in the rich text field etc., then the following issues can occur on such records:

 

  • Post-create playbooks that are run on records whose record size is very high, then the record creation process displays the "Error 500".
  • Post-update playbooks do not run while updating a large record.
  • Manual trigger playbooks do not get triggered when run on a large record.

 

Scope

 

FortiSOAR.

 

Solution

 

To resolve this issue, do the following:

  1. Run the following command:


vi /etc/nginx/conf.d/cyops-workflow.conf 

 

  1. In the cyops-workflow.conf file, change the value of the client_max_body_size parameter to a higher value based on the size of your records:  
    # max upload size 
    client_max_body_size 75M;     <- change this to 200M (This value can vary as per record size).

 

  1. Run the following command: 

 

systemctl restart nginx

 

  1. Check the sealab.log to see if the following issue is found:


[root@csadmin~]# tail -f /var/log/cyops/cyops-workflow/sealab.log
[17/Jun/2020 07:00:09] ERROR [django.security.RequestDataTooBig:77] Request body exceeded settings.DATA_UPLOAD_MAX_MEMORY_SIZE. 
[17/Jun/2020 07:00:09] WARNING [django.request:228] Bad Request: /wf/workflow/start/


The default value for the DATA_UPLOAD_MAX_MEMORY_SIZE key is '2.5MB'; as per the log; and the record size seems greater than 2.5MB. 

 

  1. To resolve this issue, you have to increase the value of the DATA_UPLOAD_MAX_MEMORY_SIZE key. This key is in the settings.py file in FortiSOAR releases before 7.6.0 and in the config.ini file in releases after 7.6.0:
  • Open the settings.py file or the config.ini file:


Settings.py file:


# vi /opt/cyops-workflow/sealab/sealab/settings.py 
Config.ini file:
# vi /opt/cyops-workflow/sealab/sealab/config.ini

 

  • Add the following new line in the settings.py


DATA_UPLOAD_MAX_MEMORY_SIZE = 5242880 


Add the following new line in the config.ini if it is already not present under the 'application' section:


[application]
DATA_UPLOAD_MAX_MEMORY_SIZE = 5242880

 
Note:

For post-update triggers to work, set the above parameter to double the record size. Restart the uwsgi and celery services using the following command: 

 
# systemctl restart uwsgi celeryd 

 

Note:

It is highly recommended that images with larger file sizes be added as 'File Attachments' and these attachments should be correlated to records instead of pasting them as inline images.

1554
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.