cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2214
Views
0
Helpful
1
Replies

StealthWatch Endpoint Concentrator (EPC) troubleshooting

agipkcoat
Level 1
Level 1

Hi all. 

 

We're deploying StealthWatch system in our network especially EPC virtual appliance (7.1.1 2019.07.31.1620-0) but seems like it is not receiving flows from the AnyConnect Agent to the collector. 

 

 

Cisco offers some kind of troubleshooting guide 

https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/system_installation_configuration/SW_7_1_1_Installation_and_Configuration_Guide_DV_1_0.pdf

From which I've noticed that there should be four services running there:

- kafka

- netflow-parser

- zoo-keeper

- netflow-generator

 

But none of them are not available in our EPC. Reboot does not helps as well. 

Will appreciate any advice.

 

1 Reply 1

brford
Cisco Employee
Cisco Employee

Have you verified that an AnyConnect (Apex license) equipped end point is configured and sending nzflow to the Endpoint Concentrator?

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: