Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2292
Views
0
Helpful
1
Replies

StealthWatch Endpoint Concentrator (EPC) troubleshooting

agipkcoat
Level 1
Level 1

‎09-17-2019 04:43 AM - edited ‎09-17-2019 05:05 AM

Hi all. 

 

We're deploying StealthWatch system in our network especially EPC virtual appliance (7.1.1 2019.07.31.1620-0) but seems like it is not receiving flows from the AnyConnect Agent to the collector. 

 

 

Cisco offers some kind of troubleshooting guide 

https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/system_installation_configuration/SW_7_1_1_Installation_and_Configuration_Guide_DV_1_0.pdf

From which I've noticed that there should be four services running there:

- kafka

- netflow-parser

- zoo-keeper

- netflow-generator

 

But none of them are not available in our EPC. Reboot does not helps as well. 

Will appreciate any advice.

 

Labels:
0 Helpful
1 Reply 1

brford
Cisco Employee
Cisco Employee

‎09-24-2019 10:07 AM

Have you verified that an AnyConnect (Apex license) equipped end point is configured and sending nzflow to the Endpoint Concentrator?

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.
0 Helpful
Customers Also Viewed These Support Documents