Anomaly Detector hanging

Document ID : KB000113262
Last Modified Date : 20/12/2018
Show Technical Document Details
Issue:
Unable to add multiple harvesters. AD would hang.

Harvesters are sending large amounts of flows at the same time and overloading/choking the AD server.
Environment:
Windows 2k8 and above.
NFA 9.3.x and above
Cause:
Basically, what was occurring was that all the harvesters were sending large amounts of flows at the same time and overloading/choking the AD server.

AD was able to handle the initial four harvesters but when adding more then that put it over the top and hung.
Resolution:
Note down the setting before you do the update so you can revert back if necessary.

______________
mysql -P3308 -D nsas -t -e "select * from parameter_descriptions where Parameter='max_active_datasources';"
     (Default Value was 10)
mysql -P3308 -D nsas -t -e "update parameter_descriptions set DefaultValue='4' where Parameter='max_active_datasources';"
______________
mysql -P3308 -D nsas -t -e "select * from parameter_descriptions where Parameter='max_flows_for_initialization';"
     (Default Value was 15000000.0)
mysql -P3308 -D nsas -t -e "update parameter_descriptions set DefaultValue='8000000.0' where Parameter='max_flows_for_initialization';"
______________
mysql -P3308 -D nsas -t -e "select * from parameter_descriptions where Parameter='max_flows_for_production';"
     (Default Value was 15000000.0)
mysql -P3308 -D nsas -t -e "update parameter_descriptions set DefaultValue='8000000.0' where Parameter='max_flows_for_production';"
______________
mysql -P3308 -D nsas -t -e "select * from parameter_descriptions where Parameter='max_records_per_min_for_netflow_datasource';"
     (Default Value was 20000)
mysql -P3308 -D nsas -t -e "update parameter_descriptions set DefaultValue='1500000' where Parameter='max_records_per_min_for_netflow_datasource';"


The four parameters that were tweaked were done to achieve the following:
(max_active_datasources set to 4), this limits the number of harvesters that AD will process at a time.
(max_records_per_min_for_netflow_datasource set to 1500000), increases the max flows per min per harvester.
(max_flows_for_production and max_flows_for_initialization), decreased both parms to prevent overloading AD at startup.

 
Additional Information:
Reference case #01102283