NFA System Status is showing that a harvester or the console is not responding.
Article ID: 211492
Updated On:
Products
Issue/Introduction
In NFA System Status or in NetOps Portal issues are displayed for a harvester or the Reporter Console.
NFA System Status is showing the SNMP Service is stopped and other services are in Unknown status. NetOps Portal is showing Degraded Status for NFA with similar information for each service.
Environment
Release : 10.0
Component : NETWORK FLOW ANALYSIS ANOMALY DETECTOR
Cause
NFA System Status is determined by the Watchdog service which sends SNMP requests to Harvesters and Console. If the Watchdog service is unable to reach to harvester or console SNMP services, this would be the result.
Resolution
One cause of this has been found to be that a different service has taken the SNMP port (161). NFA requires the Windows SNMP Service. If another process is listening to this port, the Windows SNMP Service will not fail. You can test to see if another process is using UDP 161 by stopping the Windows SNMP service and using netstat to see if the port is still being listened to:
In the above example, UDP port 161 is being listened to by an application running with Process ID 3184. You can identify this process and remove/kill it and restart the SNMP service to allow Windows to take that port. Once the Windows SNMP service is listening on port 161, restarting the Watchdog service on the Reporter Console server will update the System Status and you should see good data there.
Feedback
