When you install Cisco Stealthwatch and Security Packet Analyzer, the first thing you need to do is establish a trust relationship between the two servers. You do that by sharing a certificate. That's pretty well covered in the documentation. See: Cisco Security Packet Analyzer 2400 Series Appliances Installation and Configuration Guide - Cisco
Before you can add a Packet Analyzer to Stealthwatch, you need to stop any running captures. You do not have to delete those capture files, and you can decode and download those pcap files.
You need to create a new capture named 'stealthwatch_rolling_capture'. That name will become the name used to save capture files. Stealthwatch looks for that name when it connects from the SMC to the Packet Analyzer.
I had hoped that this would be expressed more clearly in the product documentation. I have filed a documentation 'bug' to get this fixed.
Thanks for your response. Once I stopped the capture and waited a few moments, I was able to connect.
Leo Lebel, CWO3 USMC (Ret)
Consulting Systems Engineer, DoD
Learn more about StealthWatch <http://www.cisco.com/c/m/en_us/products/security/stealthwatch/free-visibility-assessment.html>
That "name is missing" error is hard to figure out, as it shows up differently in different browsers.
The integration guide that I was working off of did in fact mention this... but it wasn't exactly clear that this specific name was being checked for in the error checking... I just assumed I could insert my own name here... my mistake.
I wish this section in the guide was changed from...
During integration with stealthwatch, the SMC will check for a configured capture session called "stealthwatch_rolling_capture". If this session name is not found present on the PA, then the SMC integration will fail...
I did not see anything in the document relating to the SMC integration using certificates. Is it in the Installation section or in the Maintenance section?