Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Packet Capture stopped working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Packet Capture stopped working

L2 Linker

Hi,

the last days I did some captures on a PA-2020. At Yesterday I tried again but it doesn't work anymore. Tried via WebGUI and CLI.
If I start the capture it is shown running but no files are created. PAN-OS is 4.1.12.

Does anybody know this issue? Can it get fixed without restarting dataplane or device?

Thanks

Jörg

1 accepted solution

Accepted Solutions

can try the following

> debug software restart vardata-receiver

wait for some time and see if it fixes it.

View solution in original post

9 REPLIES 9

L6 Presenter

Try clearing all the Packet capture settings to default and set the filters and the capture files new again.

You can clear all the Packet capture settings using the command "debug dataplane packet-diag clear all "

Tx,

Sandeep

L5 Sessionator

Can you see packet count incrementing  for you capture stages , use this command to verify the same

debug dataplane packet-diag show setting

Hi sdurga,

already tried this. Didn't fix the problem.

Thx

Jörg

L2 Linker

Hi sraghunandan,

the capture seems to work:

PAGATE> debug dataplane packet-diag show setting

Packet capture

  Enabled:                   yes

  Snaplen:                   0

  Stage firewall          :  file firew

    Captured:     packets - 70041      bytes - 41621506

    Maximum:      packets - 0          bytes - 0

But no files are generated:

FW-PAGATE> view-pcap follow yes filter-pcap

  <No files available>  Directory is empty

Thx

Jörg

L4 Transporter

Hi Joergk,

how long is the name of the interface? we use panos 5.0.3  with 5020 and capturing doesn't work because of long if-name. instead of eth1/3.4040 it will be shortened to eth1/3.404

Maybe it is the same problem.

Regards Klaus

Thx Klaus,

good to know! And really poor if length of IF name causes issues in further releases :smileyconfused:

But in my case it already worked.

can try the following

> debug software restart vardata-receiver

wait for some time and see if it fixes it.

L3 Networker

Hello Joergk,


I believe that Klaus may be correct.  This sounds very similar to a known issue.  You should open a case with support so that they can investigate.


-chadd.

Hi sraghunandan,

> debug software restart vardata-receiver

fixed the problem Smiley Happy


Thx

Jörg

  • 1 accepted solution
  • 10402 Views
  • 9 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!