cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3759
Views
4
Helpful
4
Replies

Stealthwatch and Cisco Security Packet Analyzer Error

lelebel
Cisco Employee
Cisco Employee

I am attempting to add the packet analyzer to Stealthwatch for a customer and I am getting the error, "Name is missing" 

4 Replies 4

brford
Cisco Employee
Cisco Employee

When you install Cisco Stealthwatch and Security Packet Analyzer the first thing you need to do is establish a trust relationship between the two servers.  You do that by sharing a certificate.  That's pretty well covered in the documentation.  See: Cisco Security Packet Analyzer 2400 Series Appliances Installation and Configuration Guide - Cisco

Before you can add a Packet Analyzer to Stealthwatch you need to stop any running captures.  You do not have to delete those capture files and you can decode and download those pcap files.

You need to create a new capture named 'stealthwatch_rolling_capture'.  That name will become the name used to save capture files.  Stealthwatch looks for that name when it connects from the SMC to the Packet Analyzer.

I had hoped that this would be expressed more clearly in the product documentation.  I have filed a documentation 'bug' to get this fixed.

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.

Thanks for your response. Once I stopped the capture and waited a few moments, I was able to connect.

.:|:.:|:. CISCO

Leo Lebel, CWO3 USMC (Ret)

Consulting Systems Engineer, DoD

760.672.2461

LeLebel@cisco.com<mailto:LeLebel@cisco.com>

Learn more about StealthWatch<http://www.cisco.com/c/m/en_us/products/security/stealthwatch/free-visibility-assessment.html>

That name is missing error is hard to figure it out as it shows up differently in different browsers. 

The integration guide that i was working off of did in fact mentions this...but it wasnt exactly clear that this specific name was being checked for in the error checking... I just assumed i could insert my own name here... my mistake.

I wish this section in the guide was changed from...

  1. On PA for version 6.3(2) there is a known issue that the SMC will not be able to save the PA configuration unless there is packet capture session running on the PA appliance beforehand. So log into the PA web UI and create a new session called “stealthwatch_rolling_capture”.

    

To...

During integration with stealthwatch, the SMC will check for a configured capture session called "stealthwatch_rolling_capture".   If this session name is not found present on the PA, then the SMC integration will fail...

I did not see anything in the document relating to the SMC integration using certificates. Is it in the Installation section or in Maintenance section.