dspcapimport: error occurred for pcapimport on interface after virtual appliance deployment

search cancel

dspcapimport: error occurred for pcapimport on interface after virtual appliance deployment

book

Article ID: 241147

calendar_today

Updated On:

Products

Security Analytics Security Analytics - VA

Issue/Introduction

Unable to import PCAP files to Security Analytics. The following error occurs:

dspcapimport: error occured for pcapimport on interface : Unable to send import command (1014)|

Just finished a Security Analytics virtual appliance configuration and cannot import pcaps.

Environment

Virtual machine

Cause

There must be at least three virtual disks when building a new virtual machine. Without the three disks, there will be no capture or no index data. You can also check to see if /pfs is mounted by running df -h from the command line. This could also be caused by the appliance not being licensed yet.

Resolution

The install of a virtual machine requires three virtual disks. One for capture, one for index, and the application. If there is one there will be no capture. If there is two, all metadata or index data is stored in the /var filesystem and it may fill quickly.

Feedback

thumb_up Yes

thumb_down No