Security Analytics is no longer capturing traffic
Article ID: 245829
Security Analytics - VA
Security Analytics has capture enabled, but it is no longer receiving traffic or saving traffic.
- /pfs (capture filesystem) is no longer mounted
- one of the capture volumes is OFFLINE due to failed drives
- the capture feed has been turned off upstream
- certain services such as 'solera-captured' have failed or are no longer running
- Check the messages in /var/log/messages for any errors regarding hardware or capture failing.
- Use 'df -h' to see if /pfs is still mounted
- Reboot the appliance and see if capture resumes after the reboot.
- Capture a CSR log bundle and be prepared to send it to technical support