Security Analytics is no longer capturing traffic
search cancel

Security Analytics is no longer capturing traffic


Article ID: 245829


Updated On:


Security Analytics Security Analytics - VA


Security Analytics has capture enabled, but it is no longer receiving traffic or saving traffic.



  • /pfs (capture filesystem) is no longer mounted
  • one of the capture volumes is OFFLINE due to failed drives
  • the capture feed has been turned off upstream
  • certain services such as 'solera-captured' have failed or are no longer running


  • Check the messages in /var/log/messages for any errors regarding hardware or capture failing. 
  • Use 'df -h' to see if /pfs is still mounted
  • Reboot the appliance and see if capture resumes after the reboot.
  • Capture a CSR log bundle and be prepared to send it to technical support