Core files |
The presence of core.* files in the
/usr/local/dncauser directory is a sign that the capture failed and wrote a core dump
file. |
Bootup delays |
You can notice delays during the bootup procedure and when running various network-related
commands if the /etc/resolv.conf file contains the wrong information for
the local network. The delays can take the form of a long SSH login attempt when the SSH
daemon on the Network Capture host workstation times out while you use the incorrect DNS
resolution information from the /etc/resolv.conf file.
This file can contain incorrect information if it was left over from a static IP configuration on
a different network. It can also be left over from when the workstation was shut down while using
DHCP, although booting up with DHCP normally creates /etc/resolv.conf file. Fixing
the file depends on whether the host workstation is configured for DHCP or static IP
information.
|
DHCP |
If the DNCA software is configured for DHCP, then do the following steps:
- Log in as user root.
- Delete the file
/etc/resolv.conf .
- Run
shutdown now to enter single-user mode.
- Use the
exit command to leave single-user mode and allow the system to generate
a new /etc/resolv.conf file.
|
Static IP |
If the DNCA software is configured with a static IP address, then do the following
steps:
- Log in as user root.
- Delete the file
/etc/resolv.conf .
- Run
Discover ipconfig to reenter the DNS information and exit.
- The program generates a new
/etc/resolv.conf file, which takes effect
immediately.
|
Single-user mode |
If you just rebooted the DNCA host machine or powered it on and you must enter
single-user mode, then do the following while you use use the GRUB boot loader:
- When the GRUB boot menu is displayed, press
SPACEBAR to
prevent any automatic boot.
- Use the arrow keys to select the Red Hat Enterprise Linux™
kernel and version you want to boot.
- Press the
A key to append kernel options.
- At the
grub append prompt, append the word single . Press
SPACEBAR and then enter single.
- Press
ENTER to accept the new value and boot.
- For more information, see Basic System Recovery chapter of the Red Hat Enterprise Linux System Administration Guide.
|
Total large packets exceeded |
The TCP packet size has exceeded the configured limit. The DNCA is configured to limit packet size. When a captured packet exceeds
the configured limit, the DNCA reports the The TCP
packet size has exceeded the configured limit error message. Additionally, this
scenario causes missing events during session replay To enable the DNCA to accept
larger packet sizes:
- Edit the DNCA tuning parameters and enter a new value for
the Max large capture packet size. For more information, see Tuning Parameters.
- Edit the configuration file and add the following entry to increase the maximum captured
packet
size:
<Capture>
<MaxLargeCapturePktSize>X</MaxLargeCapturePktSize>
</Capture>
Replace
X with a numeric value for the maximum capture packet size. The value
is represented in kilobytes (KB). By default, the maximum-captured-packet size is
configured for 40 KB. The following example shows an entry that increases the
maximum captured packet size to 45
KB. <Capture>
<MaxLargeCapturePktSize>45</MaxLargeCapturePktSize>
</Capture>
|
Viewing capture logs |
Examining the DNCA logs can help you locate a possible problem.
If Capture is not starting, capture.log typically shows the reason for failing
to start, such as bad entry syntax or invalid entry in the configuration file.
Another troubleshooting log, maintenance_200xxxxx.log , shows unhealthy
conditions that are forcing the restart/shutdown of the DNCA software.
Both of these logs can be viewed by the web console or by a Linux text editor in the DNCA default logs directory. Depending on the version of
the DNCA software, they are located in /usr/local/dncauser/logs or
/var/log/Discover .
|