Lastline Sensor warning: Sniffing interfaces with connected cable: []

Article ID: 410044


Products

VMware vDefend Network Detection and Response

Issue/Introduction

lastline_test_appliance continuously reports the warning "Sniffing interfaces with connected cable: []".

This warning is expected when the configured sniffing interfaces are not actively being used, or when no traffic is detected on ANY sniffing interface. The appliance's health checks are working as designed; the underlying issue is the configuration itself.

Note: If the sensor has at least one interface generating traffic, the warning does not appear. The warning makes sense: a configured IDS sniffing interface uses memory and resources on the appliance, and if the IDS does not see any traffic on any of the configured sniffing interfaces, those resources are wasted for no reason.

Environment

NSX NDR 

Resolution

The solution is one of two possibilities:

  1. Remove the interface configured for sniffing if no traffic is being sent to it.
  2. Check the upstream TAP/SPAN/network configuration and send traffic to the sensor properly.
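
To decide which of the two options applies, it helps to see whether each sniffing interface has link and is actually receiving packets. The script below is an added example, not part of the original article and not the appliance's own health check; it reads the standard Linux sysfs files, and the script name, the interface names passed to it, and the `SYSFS_NET` and `WAIT_S` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the appliance's health check): report link and receive
# activity for each sniffing interface, using standard Linux sysfs files.
# Usage: sh check_sniff.sh eth1 eth2   (script and interface names are placeholders)
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable for testing (assumption)

# Print the received-packet counter, or 0 if it cannot be read.
rx_packets() {
    cat "$SYSFS_NET/$1/statistics/rx_packets" 2>/dev/null || echo 0
}

# Print 1 if the kernel reports carrier (cable/link up), else 0.
# Reading "carrier" fails on an administratively down interface: treat as 0.
has_carrier() {
    c=$(cat "$SYSFS_NET/$1/carrier" 2>/dev/null) || c=0
    if [ "$c" = 1 ]; then echo 1; else echo 0; fi
}

# iface_state IFACE [SECONDS] prints: missing | no-link | link-no-traffic | traffic
iface_state() {
    iface=$1
    wait_s=${2:-5}
    [ -d "$SYSFS_NET/$iface" ] || { echo missing; return 0; }
    [ "$(has_carrier "$iface")" = 1 ] || { echo no-link; return 0; }
    before=$(rx_packets "$iface")
    sleep "$wait_s"
    after=$(rx_packets "$iface")
    # Any change in the counter during the window means frames are arriving.
    if [ "$after" != "$before" ]; then echo traffic; else echo link-no-traffic; fi
}

# report IFACE...: one line per interface; returns 0 only if at least one
# interface is receiving traffic.
report() {
    rc=1
    for i in "$@"; do
        s=$(iface_state "$i" "${WAIT_S:-5}")
        printf '%s\t%s\n' "$i" "$s"
        if [ "$s" = traffic ]; then rc=0; fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then report "$@" || exit 1; fi
```

An interface reported as `no-link` or `link-no-traffic` is a candidate for removal (option 1) or points to the upstream TAP/SPAN configuration (option 2).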

Workaround:

Remove the sniffing interfaces from /etc/previct_config/sniffing_ifaces and re-trigger the configuration.

The likely cause is a hardware change or a driver upgrade, but we have also seen this error come up when customers add lines to or modify /etc/network/interfaces in ways that appliance-setup does not support.

 

Note: If you currently use your sensor only to check emails (SMTP/MTA) and therefore do not need the sniffing functionality, be aware that even if you disable sniffing from the WebUI, you still need to access the machine via SSH and disable the interfaces.