Failure in cleanup of exported IDPS PCAP tar gz files Alarm
search cancel

Failure in cleanup of exported IDPS PCAP tar gz files Alarm

book

Article ID: 330519

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware NSX

Issue/Introduction

Title: Alarm for Failure in cleanup of exported IDPS PCAP tar gz files
Event ID: ids_ips.pcap_export_purge_failure
Alarm Description

  • Purpose: Cleanup of tar gz files containing exported PCAPs in the /image/pcap location on NSX Manager appliance encountered a failure.
  • Impact: When the maximum number of exports is reached, the user will not be able to export any more PCAPs (if the cleanup continues to fail).

Environment

VMware NSX

Cause

A scheduled job attempts to purge all tar gz files exported for IDPS PCAP that are older than 24 hours. If this job encounters an error deleting the file from the filesystem or while deleting the record associated with it from the database, an alarm is raised. If this is a temporary failure and if the next cycle for the cleanup job is able to delete the files successfully, the alarm will be resolved.

Resolution

Steps to Resolve

For release 4.2.0 and higher

Recommended Action:

 

  • List the tar.gz files on the system via API 

    GET https://<mgr_ip>/policy/api/v1/infra/settings/firewall/security/intrusion-services/pcaps

  • Delete unused exported tar.gz files using the following API:

    DELETE https://<mgr_ip>/api/v1/infra/settings/firewall/security/intrusion-services/pcaps/<exported_tar_gz_id>

    where <exported_tar_gz_id> is the value of parameter "id" from the GET output

Powered by Wolken Software