Troubleshooting
Problem
Packet capture runs for 10 minutes and stops with no errors.
Symptom
Capture starts and runs for 10 minutes and there are no errors in /var/log/messages about bind errors.
Cause
Product is in EVALUATION mode.
Diagnosing The Problem
- Start capture, when ramping up period ends, the pcap will stop capturing data.
- SSH to the PCAP appliance using the IP Address and port 4477:
ssh <IP_of_Pcap>: 4477 - Enter the command.
cat /usr/local/ui/public/data/cs_init_captures.json
[
{"Upordown":"1",
"Port":"0",
"Status":"Running",
"Capturepackets":"0.49387",
"Capturebytes":"0.000000",
"Capturedrops":"0",
"Duration":"",
"CompressionRatio":"0.50",
"VirtualStorage":"16.65",
"RealStorage":"85.30",
"BeginTime":"2016-08-01 20:41:01",
"EndTime":"2016-08-01 20:41:01",
"License":"Evaluation"
}]
Resolving The Problem
Procedure to resolve the issue.
- STOP capture.
- Click Admin.
- Enter the license in the PCAP Master License key UI:
- Click Update Master License
- Click Dashboard > Start Capture
- Wait for 2 to 3 minutes.
- Enter the command:
cat /usr/local/ui/public/data/cs_captures.json
[
{"Upordown":"1",
"Port":"0",
"Status":"Running",
"Capturepackets":"184.64315",
"Capturebytes":"0.000000",
"Capturedrops":"0",
"Duration":"03:19:50:24",
"CompressionRatio":"3.39",
"VirtualStorage":"113.05",
"RealStorage":"85.30",
"BeginTime":"2016-08-01 20:41:01",
"EndTime":"2016-08-05 16:31:25",
"License":"Permanent"
}]
Result: You should see the License is now Permanent from the command and the PCAP appliance is running more than 10 minutes.
[{"Product":{"code":"SSMU35","label":"IBM QRadar Network Packet Capture Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Licensing","Platform":[{"code":"PF016","label":"Linux"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
28 October 2020
UID
swg21990944