search cancel

Anomaly Detector hanging

book

Article ID: 113262

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

Unable to add multiple harvesters. Anomaly Detector would hang.

Harvesters are sending large amounts of flows at the same time and overloading/choking the AD server.

Cause

Basically, what was occurring was that all the harvesters were sending large amounts of flows at the same time and overloading/choking the AD server.

AD was able to handle the initial four harvesters but when adding more then that put it over the top and hung.

Environment

Windows 2k8 and above.
NFA 9.3.x and above

Resolution

NOTE: unless Anomaly Detector is actively in use, we do not recommend running the AD component at all. However, if, AD is required, the following procedure can be used.

 

(Note down the setting before you do the update so you can revert back if necessary.)

______________
mysql -P3308 -D nsas -unetqos -pnetqos -t -e "select * from parameter_descriptions where Parameter='max_active_datasources';"
     (Default Value was 10)
mysql -P3308 -D nsas -unetqos -pnetqos -t -e "update parameter_descriptions set DefaultValue='4' where Parameter='max_active_datasources';"
______________
mysql -P3308 -D nsas -unetqos -pnetqos -t -e "select * from parameter_descriptions where Parameter='max_flows_for_initialization';"
     (Default Value was 15000000.0)
mysql -P3308 -D nsas -unetqos -pnetqos -t -e "update parameter_descriptions set DefaultValue='8000000.0' where Parameter='max_flows_for_initialization';"
______________
mysql -P3308 -D nsas -unetqos -pnetqos -t -e "select * from parameter_descriptions where Parameter='max_flows_for_production';"
     (Default Value was 15000000.0)
mysql -P3308 -D nsas -unetqos -pnetqos -t -e "update parameter_descriptions set DefaultValue='8000000.0' where Parameter='max_flows_for_production';"
______________
mysql -P3308 -D nsas -unetqos -pnetqos -t -e "select * from parameter_descriptions where Parameter='max_records_per_min_for_netflow_datasource';"
     (Default Value was 20000)
mysql -P3308 -D nsas -unetqos -pnetqos -t -e "update parameter_descriptions set DefaultValue='1500000' where Parameter='max_records_per_min_for_netflow_datasource';"


The four parameters that were tweaked were done to achieve the following:
(max_active_datasources set to 4), this limits the number of harvesters that AD will process at a time.
(max_records_per_min_for_netflow_datasource set to 1500000), increases the max flows per min per harvester.
(max_flows_for_production and max_flows_for_initialization), decreased both parms to prevent overloading AD at startup.

 

Additional Information

CA Anomaly Detector is deprecated from the 21.2.2 release.

CA Anomaly Detector (Deprecated) (broadcom.com)