Tech Tip: NFA 9.3.6 Reboot Detection Fix

Document created by sigju01 Employee on May 20, 2017Last modified by sigju01 Employee on May 30, 2017
Version 3Show Document
  • View in full screen mode

Problem

There is a defect in NFA 9.3.6 which can cause problems where v5 or v9 Netflow can trigger NFA to sense bogus "reboots". This can cause SNMP profiles to not stay assigned to a device, spotty data, and/or no data.

In the harvester.routers table, you may see devices switch back and forth from PollState='Mapped' to PollState='RebootRefresh'.

Environment

NFA 9.3.6

Windows Server 2008
Windows Server 2012
Redhat Linux 6.7

Cause

A combination of issues in the code where v5 flows with multiple engine ID's were not being uniquely processed and v9 flows were using "FlowSequence" reboot detection versus "SystemUptime" reboot detection which is not efficient for some devices.

Resolution

**This will need to be applied to each Harvester Server**

  1. Download the patch from our FTP: RebootDetection_DualNIC_DE286827_DE278337.zip
  2. Stop all CA services on the harvester server or standalone server. 

  3. Navigate to: installdir\netflow\bin\.

  4. Rename com.ca.im.ra.harvester.jar to com.ca.im.ra.harvester.bak.

  5. Unzip the downloaded patch and copy the patched file into the bin directory.

  6. Start all CA services.

  7. Open a CMD prompt enter this command: 
    Mysql -P3308 -D harvester -t -e "update routers set PollState='InitialPoll', stateretry=0, reboottime=0 where PollState ='RebootRefresh';"

  8. Affected devices should start to poll and collect data properly.

  9. Move on to the next harvester and repeat steps 2-9 until each harvester has been patched.


TEC1918824

1 person found this helpful

Attachments

    Outcomes