When you enable a Harvester for monitoring, performance demands for the Harvester increase. CA Anomaly Detector queries the Harvesters for flow data every 15 minutes. The Harvesters in turn search the flow archive--a cache of raw flow data--for the requested data. Searches can include millions of flows.
We strongly recommend that you enable Harvesters gradually. For example, enable two or three Harvesters, wait 15 minutes, then check the query time for the Harvesters on the Collection Sources page. Query times should be less than 15 minutes.
To check Harvester errors in the NFA console, open the NFA console, click Administration, and click the Harvester icon.
The program may take as long as 15 minutes to query newly added Harvesters. The current reporting interval must be completed before the program can query the newly added Harvesters.
You can add a maximum of 10 Harvesters to a single instance of CA Anomaly Detector.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|