Good day!
We have an issue with the RSA Decoder.
The monitoring system shows that the service status is green and ready, but the health status says "Capture stopped" with the red sign. How can we identify what the problem is here and restore normal operation?
The services had been restarted several times.
Hello Aleksey,
Here are the most common causes I've come across. If neither of these solves your problem, I'd suggest opening a support case. RSA Support
First and foremost, you should read through the /var/log/messages file on the decoder. It should tell you why capture is stopping. Also ensure that either "capture autostart" is turned on, or that you've manually clicked "start capture."
If you find any core files, check their size and what time they were created. If they are old, it's probably safe to delete them. If they're new, there might be other issues. It may also be worth checking your /var/log/ partition. If that's full, it might be this issue: 000037185 - RSA NetWitness Platform 11.x /var/log mount is full due to logstash directory
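The checks from the answer above, gathered into one script as an added example (not part of the original reply and not RSA tooling). The core-file directory is an argument because the post does not say where core files land; the `core` / `core.<pid>` file names, the 1-day age cut-off and the 95% threshold are assumptions.

```shell
#!/bin/sh
# Triage for a decoder whose capture has stopped (added example).
# Core-file location and the core / core.<pid> naming are assumptions.

# Last N lines mentioning "capture" in a syslog-style file.
capture_log_lines() {            # $1 = log file, $2 = max lines (default 20)
    grep -i 'capture' "$1" | tail -n "${2:-20}"
}

# Core files under $1 that are "new" (< $3 days old) or "old" (>= $3 days).
core_files() {                   # $1 = dir, $2 = new|old, $3 = days (default 1)
    days="${3:-1}"
    case "$2" in
        new) age="-$days" ;;
        old) age="+$((days - 1))" ;;
        *)   return 2 ;;
    esac
    find "$1" -xdev -type f \( -name core -o -name 'core.*' \) -mtime "$age" 2>/dev/null
}

# Used percentage (integer) of the filesystem holding $1.
usage_pct() {
    df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

# Succeeds when the filesystem holding $1 is at or above $2 percent (default 95).
partition_full() {
    [ "$(usage_pct "$1")" -ge "${2:-95}" ]
}

triage() {                       # $1 = messages file, $2 = core dir, $3 = log mount
    echo "== capture-related log lines in $1"
    capture_log_lines "$1"
    echo "== core files newer than 1 day under $2 (investigate before deleting)"
    core_files "$2" new | while IFS= read -r f; do ls -l "$f"; done
    echo "== core files older than 1 day under $2"
    core_files "$2" old | while IFS= read -r f; do ls -l "$f"; done
    echo "== $3 is $(usage_pct "$3")% used"
    if partition_full "$3"; then echo "WARNING: $3 is (nearly) full"; fi
}

# Example: sh triage.sh /var/log/messages <core-file-dir> /var/log
if [ "$#" -eq 3 ]; then triage "$@"; fi
```

The script only reads and lists; deleting old core files or clearing `/var/log` stays a manual decision.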