dspcapimport: error occurred for pcapimport on interface
Article ID: 241147
Updated On:
Products
Issue/Introduction
We are unable to import PCAP files to Security Analytics. We keep getting the following error:
Just finished a Security Analytics virtual appliance configuration and cannot import pcaps.
Environment
Virtual machine
Cause
There must be at least three virtual disks when building a new virtual machine. Without the three disks, there will be no capture or no index data. You can also check to see if /pfs is mounted by running df -h from the command line. This could also be caused by the appliance not being licensed yet.
Resolution
The install of a virtual machine requires three virtual disks. One for capture, one for index, and the application. If there is one there will be no capture. If there is two, all metadata or index data is stored in the /var filesystem and it may fill quickly.
Attachments
Feedback
