
PacketCapture restarts excessively

Created: 19 Feb 2013 | Comments: 7

Hi all,

Actually, we encounter an error message: "Code 1007 PacketCapture restarts excessively. Process PacketCapture has restarted 3 times during last 16 minutes."

I checked the PacketCapture.log; it shows that from 02/19/13 10:18:55 to 02/19/13 10:35:27, the PacketCapture has been restarted three times. The restarts were successful, as at the end there is a line "02/19/13 10:32:18 [0x00001220] INFO  PacketCapture - Beginning capture on device Broadcom L2 NDIS client driver: ........"

Could anyone tell me the general conditions which lead the restart of the PacketCapture?

Also, why did DLP show the error "PacketCapture restarts excessively" whereas the PacketCapture was successfully restarted each time?

I also attach the log PacketCapture.log.

Thanks a lot for advice.
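The alert text quoted above counts restarts inside a time window, and the question is why it fires even though each restart succeeded. The following is an added example, not Symantec DLP code: it re-implements that kind of sliding-window count over PacketCapture.log, using the "Beginning capture on device" line quoted in the post as the restart marker. The 3-restarts-in-16-minutes threshold is taken from the error message; the log line format and the sample log lines are assumptions constructed to match the one line shown.

```python
"""Sliding-window check for PacketCapture restarts, modelled on the DLP message
"Process PacketCapture has restarted 3 times during last 16 minutes".

Added example, not Symantec's code. Threshold values come from the alert text
in the post; log format and sample lines are constructed assumptions.
"""
import re
from datetime import datetime, timedelta

# Assumed log line format, copied from the line quoted in the post:
# "02/19/13 10:32:18 [0x00001220] INFO  PacketCapture - Beginning capture on device ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[[^\]]+\] (?P<level>\w+)\s+(?P<msg>.*)$"
)
RESTART_MARKER = "Beginning capture on device"

# Constructed sample log (timestamps mimic the ones mentioned in the post).
SAMPLE_LOG = """\
02/19/13 10:18:55 [0x00001220] INFO  PacketCapture - Beginning capture on device Broadcom L2 NDIS client driver: \\Device\\NPF_{constructed}
02/19/13 10:25:40 [0x00001220] WARN  PacketCapture - constructed warning line
02/19/13 10:26:03 [0x00001220] INFO  PacketCapture - Beginning capture on device Broadcom L2 NDIS client driver: \\Device\\NPF_{constructed}
02/19/13 10:32:18 [0x00001220] INFO  PacketCapture - Beginning capture on device Broadcom L2 NDIS client driver: \\Device\\NPF_{constructed}
02/19/13 10:35:27 [0x00001220] INFO  PacketCapture - constructed info line
"""


def parse_restarts(log_text):
    """Return the timestamps of lines that mark a (re)start of capture."""
    restarts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and RESTART_MARKER in m.group("msg"):
            restarts.append(datetime.strptime(m.group("ts"), "%m/%d/%y %H:%M:%S"))
    return restarts


def excessive_restart_windows(restarts, max_restarts=3, window=timedelta(minutes=16)):
    """Sliding-window count over sorted restart timestamps.

    Returns a list of (window_start, window_end, count) for every restart at
    which `max_restarts` or more starts fall inside the trailing `window`.
    Only the number of starts is counted, as in the alert text: whether each
    restart itself succeeded does not enter into it.
    """
    restarts = sorted(restarts)
    hits = []
    left = 0
    for right, ts in enumerate(restarts):
        while ts - restarts[left] > window:
            left += 1
        count = right - left + 1
        if count >= max_restarts:
            hits.append((restarts[left], ts, count))
    return hits


if __name__ == "__main__":
    for start, end, n in excessive_restart_windows(parse_restarts(SAMPLE_LOG)):
        print(f"{n} restarts between {start:%H:%M:%S} and {end:%H:%M:%S}")
```

Run it against the real PacketCapture.log by passing the file contents to `parse_restarts`; with the three start lines in the sample, the third one (10:32:18) falls 13 minutes 23 seconds after the first, so the window check reports 3 restarts, which is exactly the situation the alert describes.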



kishorilal1986:

please restart vontu services in series mentioned in Admin guide.

DLP tester:

Hello,

But my question is what are the conditions to make the restart of PacketCapture ....

DLP tester:

I attach also the daily charge and the server configuration, in order to see if it is due to the bad configuration.

Charges of yesterday:

  1. SMTP

       Data:  15.49 GB
       Messages: 57,274
       Incidents: 65

  2. HTTP

       Data:  7.73 GB
       Messages: 799,584
       Incidents: 0


Server configuration:

CPU: Intel Xeon CPU L5640 @ 2.27GHz 2x2266

OS: Microsoft Windows Server 2008 R2 Standard Service Pack

Memory: 32757 MB

BoxMonitor.FileReaderMemory : -Xrs -Xms4096M -Xmx4096M -Xss2048K

jgt10:

PacketCapture restarts excessively when the traffic is heavily corrupted.

Install Wireshark on the monitor. Take a 30 second capture and run it through the expert analysis.

Check how much raw traffic is coming in.

Look at the analysis and look at the errors and warnings.

I'm pretty sure there are one or more KB articles that cover this issue.

JGT

--
John G. Thompson
JOAT(MON)

DLP tester:

Hi JGT,

Thanks a lot for your advice. I'll do that, I will let you know once I finish the test.

BTW, do you know how exactly is the "Message Wait Time" calculated?  Before we thought it was the difference between the current time and the reception time of the oldest file which is not yet processed. But I find that it seems not true.

Regards,

DLP Solutions2:

Use Wireshark to capture the traffic. In a lot of cases I have seen, there is dirty traffic.

That can mean DUPLICATE streams of traffic and also too much traffic.

Most of the time it is just dirty traffic.

Also use the attached tool to analyze the traffic.

Attachment | Size
Packet Analyzer.zip | 362.99 KB

Please make sure to mark this as a solution to your problem, when possible.
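The two replies above (jgt10's and DLP Solutions2's) both come down to the same triage: capture on the monitor NIC, check how much raw traffic is arriving, and check whether the traffic is "dirty", in particular duplicate streams. The following is an added example, not Symantec's code and not the attached Packet Analyzer.zip: it reads a classic libpcap file with only the Python standard library and reports capture duration, raw Mbit/s, and the share of TCP segments that are exact duplicates of an earlier segment. It is limited to Ethernet/IPv4/TCP frames, which is an assumption made to keep it short, and it builds its own constructed sample capture so it runs offline. Wireshark saves pcapng by default; for this parser save the 30-second capture in the "Wireshark/tcpdump - pcap" format.

```python
"""Triage a monitor-port capture for raw throughput and duplicated segments.

Added example, not Symantec's tool. Ethernet/IPv4/TCP only; classic
little-endian pcap only. The sample capture below is constructed.
"""
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_packet(src, dst, sport, dport, seq, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame (checksums left zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


def build_pcap(frames):
    """frames: list of (ts_sec, ts_usec, frame_bytes). Returns a classic pcap file image."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in frames:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def iter_pcap(data):
    """Yield (timestamp, frame_bytes) from a little-endian classic pcap image."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic != PCAP_MAGIC_LE:
        raise ValueError("only little-endian classic pcap is supported in this example")
    offset = 24  # global header length
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[offset:offset + 16])
        offset += 16
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def packet_key(frame):
    """Identity of a TCP segment: addresses, ports, seq and payload. None if not IPv4/TCP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != IPPROTO_TCP:
        return None
    src, dst = frame[26:30], frame[30:34]
    tcp = frame[14 + ihl:]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4
    return (src, dst, sport, dport, seq, tcp[data_off:])


def analyze(pcap_bytes):
    """Return packet count, duration, raw Mbit/s and the duplicate-segment ratio."""
    times, total_bytes, seen = [], 0, Counter()
    for ts, frame in iter_pcap(pcap_bytes):
        times.append(ts)
        total_bytes += len(frame)
        key = packet_key(frame)
        if key is not None:
            seen[key] += 1  # a second sighting of the same key is a mirrored copy
    tcp_total = sum(seen.values())
    duplicates = sum(n - 1 for n in seen.values() if n > 1)
    duration = (max(times) - min(times)) if len(times) > 1 else 0.0
    return {
        "packets": len(times),
        "duration_s": duration,
        "mbit_per_s": (total_bytes * 8 / duration / 1e6) if duration > 0 else 0.0,
        "tcp_segments": tcp_total,
        "duplicate_segments": duplicates,
        "duplicate_ratio": duplicates / tcp_total if tcp_total else 0.0,
    }


def sample_capture():
    """Constructed capture: one SMTP flow arrives twice (mirrored from two SPAN
    sources), one HTTP flow arrives once. Addresses and times are made up."""
    frames = []
    for i in range(10):
        pkt = build_packet("10.0.0.5", "10.0.0.9", 40000, 25, 1000 + i * 100, b"x" * 100)
        frames.append((1361269000 + i // 4, (i % 4) * 250000, pkt))
        frames.append((1361269000 + i // 4, (i % 4) * 250000 + 10, pkt))  # the mirror copy
    for i in range(5):
        pkt = build_packet("10.0.0.7", "10.0.0.9", 40001, 80, 5000 + i * 100, b"y" * 100)
        frames.append((1361269000 + i // 2, (i % 2) * 500000, pkt))
    return build_pcap(frames)


if __name__ == "__main__":
    print(analyze(sample_capture()))
```

To run it on a real file, pass `open("capture.pcap", "rb").read()` to `analyze`. A duplicate ratio near 0.5 means almost every segment is being delivered twice to the monitor port, which is what a SPAN session that mirrors both a port and its uplink produces; the Mbit/s figure tells you whether the box is simply being asked to keep up with more than it can.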