On the CPE:
- Check whether the CPE has an LEF connection to Analytics.
The status should be “Established” as shown above, not “reconnect”.
If the status is “init” or “reconnect”, check the following:
Ping the destination IP using the source IP and routing instance. For example:
If the ping fails:
Check whether there is a route to the destination in the routing instance. The command “show route routing-instance <ri>” should show the routes.
If not, add a static route to reach the destination.
Check whether there is a reverse route in the VAN for the source IP.
tcpdump on the VAN interface can show whether the SYN/SYN-ACK is received.
Check whether a firewall on the path is dropping the packets sent on the port.
- Then check the statistics, especially the message flushed counter. If this counter is incrementing, the CPE is sending logs to the upstream Analytics.
You can also clear the counter and check again using the command below.
- Check which module is sending logs.
- [admin@Site-1-Hub: ~] $ vsh connect vsmd
If you see logs here, the CPE is sending logs. They reach the controller, which decrypts them and sends them to Analytics.
Inside the controller there is an ADC, which load-balances the LEF connections.
On ADC
- Check the ADC virtual summary using the command below.
10.0.192.1 is the IP address on which the ADC listens for branch device connections; it should be enabled and up as shown above.
This is also the IP (10.0.192.1) to which the branch device sends logs, as seen earlier in the CPE section.
Check that load balancing is happening across the 4 nodes in the case of a cluster; for a standalone node it will show only 1 node.
- Check the connectivity from the controller to Analytics.
Ping eth1 (the control network IP) of Analytics from the controller with the routing instance control VR.
This should be reachable from both controllers.
If the ping fails, there is a network issue, and IPFIX cannot be pushed from the branch to Analytics.
On Analytics
1. Check whether the connections are established on the Analytics server; the appliance field should be populated.
The same can be checked using the command below.
2. Check the statistics using the command below.
The Data Records Received field should be incrementing.
If the Message Parse failure field is incrementing, there is a version mismatch between the CPE and Analytics.
3. Check the type of logs received (such as alarm logs, CGNAT, firewall logs) using the command below.
4. If the logs are reaching the Analytics server (the versa lced daemon receives these logs and saves them to disk), check whether they are being saved to disk in the /var/tmp/log/<tenant name>/<appliance name> directory, as shown below.
5. The Analytics driver process reads these logs and ingests them into the database. Check for any errors in the VAN driver log at /var/log/versa/versa-van-driver.log. If the logs are present in the /var/tmp/log/<tenant name>/<appliance name> directory but the database table/UI is not populated with the data, check for errors in /var/log/versa/versa-van-driver.log.
6. Check that the system settings page is correctly populated with the analytics, search and driver IP addresses, as shown below:
The IPs can be obtained from the output of the command “sudo nodetool status”, as shown below.
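Steps 4 and 5 on Analytics can be combined into one triage check. The following is an added example, not Versa tooling and not part of the original procedure: the function names, the 15-minute freshness window and the "error|exception" match on the driver log are assumptions, and the tenant and appliance names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not Versa tooling). Paths are passed as parameters; the
# locations in the usage comment are the ones named in steps 4 and 5.
# Matching "error|exception" is an assumption about the driver log wording.

# lef_triage LOG_ROOT TENANT APPLIANCE DRIVER_LOG [MINUTES]
# Prints exactly one verdict:
#   NO_DIR         - no directory for this tenant/appliance on disk
#   NO_RECENT_LOGS - directory exists, no file modified in the last MINUTES
#   DRIVER_ERRORS  - fresh logs on disk and the driver log has error lines
#   DISK_OK        - fresh logs on disk, no error lines in the driver log
lef_triage() {
    root=$1; tenant=$2; appliance=$3; driver_log=$4; minutes=${5:-15}
    dir="$root/$tenant/$appliance"

    if [ ! -d "$dir" ]; then
        echo NO_DIR; return 0
    fi

    # Count files written recently (step 4: are logs landing on disk?).
    recent=$(find "$dir" -type f -mmin "-$minutes" 2>/dev/null | wc -l | tr -d ' ')
    if [ "$recent" -eq 0 ]; then
        echo NO_RECENT_LOGS; return 0
    fi

    # Step 5: logs are on disk, so look at the ingest side.
    if [ -r "$driver_log" ] && grep -Eiq 'error|exception' "$driver_log"; then
        echo DRIVER_ERRORS; return 0
    fi
    echo DISK_OK
}

# driver_error_tail DRIVER_LOG [N]: last N matching lines for closer review.
driver_error_tail() {
    grep -Ei 'error|exception' "$1" 2>/dev/null | tail -n "${2:-20}"
}

# Usage on an Analytics node (Tenant1 and Site-1-Hub are placeholders):
#   lef_triage /var/tmp/log Tenant1 Site-1-Hub /var/log/versa/versa-van-driver.log
```

NO_DIR or NO_RECENT_LOGS points back to the CPE, ADC and connection checks; DRIVER_ERRORS points to the ingest stage in step 5.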