The following checklist can be used to verify that the status of your passive capture environment.
- On the PCA Web Console-Console tab, verify that passive capture is enabled.
- The PCA Web Console-Summary tab contains metrics and status information about individual PCA processes, peers, and network interfaces. Warning and error messages are displayed here. Verify:
- All capture processes are up and running.
- Delivery peers are defined and connected and are delivering hits
- Network interfaces are up.
- The PCA Web Console-Interface tab shows the configuration of multiple PCA instances, network interfaces, data segmentation, and data filters. It also displays performance tuning parameters. Verify:
- Primary interface is up and is listening to both directions of traffic.
- Directions of each interface are properly configured.
- Required Traffic port numbers are correctly set.
- Ignored Traffic filters are not filtering wanted data.
- If you are using multiple PCA instances, verify that any data segmentation configuration is directing traffic to the appropriate instance.
- Any defined filter rules are properly including or excluding port traffic.
- Tuning parameter settings are not impacting system performance.
- The PCA Web Console-Delivery tab defines and tests connections to target recipients of PCA data. It enables and configures delivery of PCA statistics to the Windows™ pipeline. Verify:
- Target host names and port numbers are properly specified
- For diagnosing issues, delivering PCA statistics hits to the Windows pipeline enables better tracking of system performance.
Additional PCA configuration checklist
In addition to the main checklist, you can perform some additional checks based on the following issues:
- SSL issues- If the PCA is not properly capturing HTTPS traffic, review the SSL keys configuration.
- Verify that no private keys are missing.
- Verify on the web server that the current SSL key is exported and provided to the PCA.
- PCA requires the web server private key to be exported, converted, and then imported into the PCA.
- Sensitive data - If sensitive data is being passed through the PCA to the Windows pipeline and the databases, you can configure privacy rules to block or mask this data as soon as it arrives at the PCA.
- Verify that privacy rules are properly configured.
- Review use of regular expressions in privacy rules, which can significantly affect PCA performance.
- Failover issues- The PCA can be configured to fail over from the primary PCA instance to a secondary one as needed.
Additional tips for diagnosing issues
If the main checklist did not help to diagnose the issue, you can review the following items to verify performance of theCX Passive Capture Application server.
In some situations, issues that appear in the CX Passive Capture Application are sourced at the operating system or network level. The following tips are useful validation steps before contacting Support.
- Check disk space on the volume where PCA is hosted
- Check operating system processes
- Verify recent history of PCA Web Console modifications, which are logged in the following file:
/var/log/tealeaf/confxxx.log
- Verify status of NICs using external tools such as
ifconfig
andethtool
- Verify physical connections between server, NICs, and network
Passive capture monitoring using Tealeaf status
The Status report polls each active Tealeaf server that is configured in the Portal Management page for status information and produces a summary report within the Portal. It provides a dashboard view into the health of your system.
To include reporting on the PCA in the Status report, complete the following steps to enable the Portal application. It communicates with the server or servers that are hosting the PCA.
- Log in to the Portal as an administrator.
- From the Portal menu, navigate to Portal Management.
- In the Portal Management page, click the Manage Servers link.
- Review the list of servers. Verify that the list contains a reference for each PCA server from which you want to receive status information.
- If a server is not listed, create an entry for it:
- Click New. From the drop-down menu, select Capture Application Server.
- At the bottom of the page, specify the properties that enable the Portal application to connect to the PCA server.
- Verify that the Active check box is selected.
- To save the entry, click Save.
- The entry must be displayed in the list of servers.
- Select the entry. At the top of the list of servers, click the Ping tool to test the connection between the Portal application and the server.
- Repeat the previous steps to create entries for other PCA servers in the environment.
- When you finish creating entries for all PCA servers, generate a Status report:
- In the Portal Management page, click Logs in the navigation panel.
- Click the View Tealeaf Status link.
- Search the report for
PCA
.
Setting the log levels for PCA processes for troubleshooting
The PCA processes generate messages. For normal operations, the logging levels are set to a default level. During a troubleshooting situation, Support Services might ask you to adjust the logging levels to see additional information to resolve issues.
Logging levels are set in the .bashrc file on the Linux server. Increasing the levels increases the number of events that are generated and the size of the log files must be checked constantly to not use up too much space. Changing the levels is only recommended for a short period for debugging.
- pipelined
- routerd
- reassd
- listend
- tcld
- deliverd
- captured
To log only these messages | Set the log level to | What it is used for |
---|---|---|
LOG_EMERG | 0 | This level is not currently used by Tealeaf, only third-party software. |
LOG_ALERT | 1 | This level is not currently used by Tealeaf. |
LOG_CRIT | 2 | Needs immediate attention. |
LOG_ERR | 3 | Some error was encountered and the software tries to correct it as best it can. This condition should be fixed for optimal operation. |
LOG_WARNING | 4 | Things are not working as they should. This condition must be fixed for optimal operation. |
LOG_NOTICE | 5 | Advisory log, for example the configuration was changed. |
LOG_INFO | 6 | This level is same as NOTICE and they are used interchangeably. This level might help in debugging by providing current state information. |
LOG_DEBUG | 7 | This level is the most useful for debugging. It provides the most in-depth information on the working of the PCA. |
- Log in as root or Administrator with root permissions on the Linux server.
- Find the .bashrc file in the root home directory.
- Edit the .bashrc and add the process information and log levels to the file. Enter the process level that Support Services tells you to use. This example sets the logging for all the processes to the default level - 3:
PIPELINED_LOG_LEVEL=3 export PIPELINED_LOG_LEVEL DELIVERD_LOG_LEVEL=3 export DELIVERD_LOG_LEVEL LISTEND_LOG_LEVEL=3 export LISTEND_LOG_LEVEL ROUTERD_LOG_LEVEL=3 export ROUTERD_LOG_LEVEL TCLD_LOG_LEVEL=0 export TCLD_LOG_LEVEL CAPTURED_LOG_LEVEL=3 export CAPTURED_LOG_LEVEL REASSD_LOG_LEVEL=3 export REASSD_LOG_LEVEL
- Restart the PCA for the changes to take effect.
- After the troubleshooting is finished, use this task to reset the logging levels to the default level of 3.