No Files or Emails are Captured

Network Integration Guide › Troubleshooting › No Files or Emails are Captured

No Files or Emails are Captured

If the NBA fails to capture any data, the following steps can be useful when diagnosing the cause:

Confirm that the NBA is failing to detect any network traffic.
In the NBA console, browse to the CPUs or Analyzers screen and check:

Filtered column

Shows the number of Ethernet packets seen by each CPU. If the packet counts do not change when you refresh the page, this indicates that the NBA is not detecting any network traffic.
Check that the network and application filters are not inadvertently eliminating too much network traffic. The activity log files list the active filter details.
In the NBA console, browse to the CPUs screen and check:

Analyzed column

Shows the number of Ethernet packets that passed through the network filters for further analysis.

If this packet count does not change, or changes very little, when you refresh the screen, the network filters may be removing too much traffic.

FoundStrms column

Shows the number of data streams found in the packets that passed through the network filters.

If this stream count does not change, or changes very little, when you refresh the screen, the network filters may be removing too much traffic.

SavedStrms column

Shows the number of data streams sent to a policy engine for content analysis.

If this stream count does not change, or changes very little, when you refresh the screen, the application filters may be removing too much traffic or the found streams may have missing packets.
Check whether the NBA disk is full. To do this:
1. Generate a diagnostics file.
2. Extract stats.txt from the resulting .gz file.
3. Open status.txt and check the available blocks count for the Filesystem.
The screenshot below shows an extract from status.txt. The high count for available blocks shows that the NBA disk is not full:

Example status.txt

1 Number of available blocks.