IDS Service shows Warning "No packets are being processed" after upgrading sensor to 1340 version.
Article ID: 330007

Products

VMware vDefend Network Detection and Response

Issue/Introduction

Symptoms:

- The Sensor Status in the UI shows:

IDS Service: Warning: Packet processing: No packets are being processed

- lastline_test_appliance shows the following error:

WARNING: Interface enp94s0f0 WARNING: No traffic found | Interface enp94s0f1 WARNING: No traffic found
(The interface names, enp94s0f0/1 here, can differ from one environment to another.)


Environment

NSX NDR

Cause

- In sensor versions older than 1340:

Previously, if the appliance was receiving no traffic, it warned about this for only 24 hours and then stopped (e.g. no warning from the IDS component or on the appliance itself). So if sniffing was enabled and no packets were received on ANY sniffing interface, the warning appeared for 24 hours and then disappeared. Customers who were not keeping a close eye on sniffing stats or logs basically "thought" things were working fine.

 

- In version 1340 and later:

With the new implementation, the developers changed this behavior so that the warning persists for as long as no traffic is detected on ANY sniffing interface. If the sensor has at least one interface seeing traffic, the warning does not appear. This makes more sense: the warning now tells the customer that an IDS sniffing interface is configured and is using the appliance's memory and resources, but that the IDS does not see traffic on any of the configured sniffing interfaces (i.e. resources are being wasted for no reason).

Resolution

The resolution is one of two options:

  1. Remove the interface configured for sniffing if no traffic is being sent to it.
  2. Check the upstream TAP/SPAN/network configuration and make sure traffic is sent to the sensor properly.
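
To decide between the two options, it helps to confirm from the sensor's shell whether any sniffing interface is receiving packets at the kernel level. The script below is an added example, not VMware tooling: it assumes the standard Linux counters under /sys/class/net, and the function names and the SYSFS_NET variable are hypothetical.

```shell
#!/bin/sh
# Added example: sample kernel RX packet counters for sniffing interfaces.
# SYSFS_NET is a hypothetical override; the default is the Linux sysfs path.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the RX packet counter of one interface; non-zero status if missing.
rx_packets() {
    cat "$SYSFS_NET/$1/statistics/rx_packets" 2>/dev/null
}

# check_sniffing_ifaces INTERVAL IFACE...
# Returns 0 if at least one interface received packets within INTERVAL
# seconds, 1 if none did (the condition the 1340 warning reports),
# 2 if a named interface does not exist.
check_sniffing_ifaces() {
    interval=$1; shift
    before=""
    for ifc in "$@"; do
        n=$(rx_packets "$ifc") || { echo "$ifc: MISSING"; return 2; }
        before="$before$n "          # space-separated list of first samples
    done
    sleep "$interval"
    active=0
    for ifc in "$@"; do
        b=${before%% *}              # pop the matching first sample
        before=${before#* }
        a=$(rx_packets "$ifc") || { echo "$ifc: MISSING"; return 2; }
        delta=$((a - b))
        # A negative delta means the counter was reset (e.g. driver reload);
        # only a positive delta counts as traffic.
        if [ "$delta" -gt 0 ]; then
            echo "$ifc: OK ($delta packets in ${interval}s)"
            active=$((active + 1))
        else
            echo "$ifc: WARNING: No traffic found"
        fi
    done
    [ "$active" -gt 0 ]
}

# Usage with the interface names from the Symptoms section:
#   check_sniffing_ifaces 10 enp94s0f0 enp94s0f1
```

A return status of 1 means no packets arrived on any listed interface during the interval, which points at the upstream TAP/SPAN feed or at a sniffing interface that should be removed.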

 


Workaround:

Remove the sniffing interfaces from /etc/previct_config/sniffing_ifaces and re-trigger the configuration.

The cause is likely a hardware change or a driver upgrade, but we have also seen this error come up when customers add lines to or modify /etc/network/interfaces in ways that appliance-setup does not support.

Additional Information

Impact/Risks:

The sensor would be in warning status.