SFA monitoring is intended for filter monitoring.
If this is a new device to CA PAM or SFA is freshly installed on the device, please ensure that a socket filter is assigned to the device in the respective policy setup.
From the SFA log -- log.txt, we should find the communication traces between PAM appliance and Target Host. Example:
5/16/2017 7:59:36 PM CHR:MONITORING THREAD::New thread::socket:268 ...
5/16/2017 7:59:36 PM CHR:We received::From:<PAM_IP> To:<Target_IP>
5/16/2017 7:59:36 PM ReplyHello: Sending HELLO_REPLY: pacHdr.PacketLength:12, packet:2.70|2
5/16/2017 7:59:36 PM ReplyHello: Sent HELLO_REPLY, sent 18 bytes
5/16/2017 7:59:36 PM handleConn: recv failed,retVal = 0 ,ErrorCode = 0 , so no request is following the HELLO.