Packet Capture stopped working

Reply
Highlighted
L2 Linker

Packet Capture stopped working

Hi,

the last days I did some captures on a PA-2020. At Yesterday I tried again but it doesn't work anymore. Tried via WebGUI and CLI.
If I start the capture it is shown running but no files are created. PAN-OS is 4.1.12.

Does anybody know this issue? Can it get fixed without restarting dataplane or device?

Thanks

Jörg


Accepted Solutions
Highlighted
L5 Sessionator

can try the following

> debug software restart vardata-receiver

wait for some time and see if it fixes it.

View solution in original post


All Replies
Highlighted
L6 Presenter

Try clearing all the Packet capture settings to default and set the filters and the capture files new again.

You can clear all the Packet capture settings using the command "debug dataplane packet-diag clear all "

Tx,

Sandeep

Highlighted
L5 Sessionator

Can you see packet count incrementing  for you capture stages , use this command to verify the same

debug dataplane packet-diag show setting

Highlighted
L2 Linker

Hi sdurga,

already tried this. Didn't fix the problem.

Thx

Jörg

Highlighted
L2 Linker

Hi sraghunandan,

the capture seems to work:

PAGATE> debug dataplane packet-diag show setting

Packet capture

  Enabled:                   yes

  Snaplen:                   0

  Stage firewall          :  file firew

    Captured:     packets - 70041      bytes - 41621506

    Maximum:      packets - 0          bytes - 0

But no files are generated:

FW-PAGATE> view-pcap follow yes filter-pcap

  <No files available>  Directory is empty

Thx

Jörg

Highlighted
L4 Transporter

Hi Joergk,

how long is the name of the interface? we use panos 5.0.3  with 5020 and capturing doesn't work because of long if-name. instead of eth1/3.4040 it will be shortened to eth1/3.404

Maybe it is the same problem.

Regards Klaus

Highlighted
L2 Linker

Thx Klaus,

good to know! And really poor if length of IF name causes issues in further releases :smileyconfused:

But in my case it already worked.

Highlighted
L5 Sessionator

can try the following

> debug software restart vardata-receiver

wait for some time and see if it fixes it.

View solution in original post

Highlighted
L3 Networker

Hello Joergk,


I believe that Klaus may be correct.  This sounds very similar to a known issue.  You should open a case with support so that they can investigate.


-chadd.

Highlighted
L2 Linker

Hi sraghunandan,

> debug software restart vardata-receiver

fixed the problem :smileyhappy:


Thx

Jörg

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!