Device with SFA is not displayed in the Socket Filter Agents Status list

Document ID : KB000006749
Last Modified Date : 14/02/2018
Issue:

A device with the Socket Filter Agent (SFA) installed is not displayed in the Socket Filter Agents Status list (Devices >> Socket Filter Agent).

'SFA Monitoring' is enabled in Socket Filter Config, and the SFA daemon/service is running on the Target Host.

Resolution:

SFA monitoring is intended for filter monitoring.

If the device is new to CA PAM, or SFA was freshly installed on it, ensure that a socket filter is assigned to the device in the respective policy setup.

The SFA log, log.txt, should contain traces of the communication between the PAM appliance and the Target Host. Example:

5/16/2017 7:59:36 PM CHR:MONITORING THREAD::New thread::socket:268 ...
5/16/2017 7:59:36 PM CHR:We received::From:<PAM_IP> To:<Target_IP>
5/16/2017 7:59:36 PM ReplyHello: Sending HELLO_REPLY: pacHdr.PacketLength:12, packet:2.70|2
5/16/2017 7:59:36 PM ReplyHello: Sent HELLO_REPLY, sent 18 bytes
5/16/2017 7:59:36 PM handleConn: recv failed,retVal = 0 ,ErrorCode = 0 , so no request is following the HELLO.
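
The following Python script is an added example, not part of the original article or of CA PAM. It scans log.txt text for the communication traces shown above and reports, per incoming connection, the peer addresses and whether a HELLO_REPLY was sent. The line format is inferred from the excerpt alone, the function name is hypothetical, the sample IPs are constructed, and lines belonging to one connection are assumed to be contiguous.

```python
import re

# Constructed sample in the format of the log.txt excerpt above; the IPs are
# documentation addresses, not values from the article.
SAMPLE_LOG = """\
5/16/2017 7:59:36 PM CHR:MONITORING THREAD::New thread::socket:268 ...
5/16/2017 7:59:36 PM CHR:We received::From:192.0.2.10 To:198.51.100.20
5/16/2017 7:59:36 PM ReplyHello: Sending HELLO_REPLY: pacHdr.PacketLength:12, packet:2.70|2
5/16/2017 7:59:36 PM ReplyHello: Sent HELLO_REPLY, sent 18 bytes
5/16/2017 7:59:36 PM handleConn: recv failed,retVal = 0 ,ErrorCode = 0 , so no request is following the HELLO.
5/16/2017 8:04:36 PM CHR:MONITORING THREAD::New thread::socket:272 ...
5/16/2017 8:04:36 PM CHR:We received::From:192.0.2.10 To:198.51.100.20
"""

# Timestamp prefix as seen in the excerpt: M/D/YYYY H:MM:SS AM|PM
LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.*)$")
RECEIVED = re.compile(r"We received::From:(\S+) To:(\S+)")

def find_monitoring_traces(log_text, pam_ip=None):
    """Return one record per 'We received' line, optionally filtered by sender."""
    traces, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        stamp, msg = m.groups()
        rec = RECEIVED.search(msg)
        if "MONITORING THREAD::New thread" in msg:
            current = None  # a new connection starts; forget the previous one
        elif rec:
            current = {"time": stamp, "from": rec.group(1), "to": rec.group(2),
                       "hello_reply_sent": False}
            traces.append(current)
        elif "Sent HELLO_REPLY" in msg and current is not None:
            current["hello_reply_sent"] = True
    if pam_ip is not None:
        traces = [t for t in traces if t["from"] == pam_ip]
    return traces

if __name__ == "__main__":
    for t in find_monitoring_traces(SAMPLE_LOG):
        print(t["time"], t["from"], "->", t["to"],
              "HELLO_REPLY sent:", t["hello_reply_sent"])
```

Pass the PAM appliance address as pam_ip to limit the result to connections from the appliance; an empty result means the log holds no such traces.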

Additional Information:

To troubleshoot SFA-related issues, check the log.txt file in the <Socket Filter>\Bin directory.