Certain NFA users cannot see interfaces

Document ID : KB000009253
Last Modified Date : 17/12/2018
Show Technical Document Details

When NFA is paired with CAPC, you may encounter a strange issue where 'Admin' or 'Poweruser' privileged level users CAN see all interfaces in NFA while 'User' privileged users CAN'T see all interfaces. You may also experience an issue where you can see the interface in CAPC but when you click on the interface to view it in NFA directly, the page will display a message that the interface could not be found.

00928429-NFA-graph-WITHOUT-details fixed.png

Windows Server 2008+Redhat Linux 5+Network Flow Analysis 9.1+

This issue will occur when interfaces exist in 1 database table but not another. Once those extra interfaces sync up to CAPC, CAPC will not know how to group them properly as they do not belong in the system anymore. Luckily there is an easy fix for this. 


1. RDP to NFA Console Server 

2. Open a CMD Prompt and type: 

a. mysqldump reporter agent_definitions > c:\agent_definitions.sql 

b. mysql -P3308 -D reporter -t -e "DELETE FROM agent_definitions WHERE interfaceid NOT IN (SELECT id FROM interfaces);" 

3. On each harvester fun these commands:

a. mysql -P3308 -D harvester -t -e "update routers set updatedon=unix_timstamp();"

b. mysql -P3308 -D harvester -t -e "update persistent_map set updatedon=unix_timstamp();"

3. Go to CAPC and select the Administration Page > Data Sources 

4. Select the NFA data source and do a FULL resync. 

5. After the resync completes the issue will be resolved.

If the issue still isn't resolved, check to see if the router in question has duplicate agents (licensed interfaces with the same ifindex). If they do, go to Physical and Virtual and merge the interfaces. Do a full sync in CAPC and the issue should be gone.

Additional Information:
See also NFA data not seen in CAPC, but is seen in NFA if this doesn't resolve the issue.