2 FxV Archivers connected to 2 FxM Probes
1 FxM Portal
1 FxV Server (search function only)
Both Archivers are registered with the one FxV Server for Search
All worked fine for the last few months until yesterday. Now the FxViewers do not record any traffic and Search comes up empty
- No changes were applied
- No traffic is being recorded since Sep 24 10:30 AM
- FxM Probes work fine (collect data)
- FxV Services were stopped/started on all 3 appliances
In FxV server logs, we could see errors like below.
2012-09-25 09:56:07,879 ERROR [com.xaffire.server.query.internal.commands.QueryArchiverCommand] com.xaffire.server.query.QueryException: Bad input given to Archiver: Invalid query request: Hit Analysis Configuration not available
com.xaffire.server.query.QueryException: Bad input given to Archiver: Invalid query request: Hit Analysis Configuration not available
ERROR [com.xaffire.archiver.webquery.QueryServlet] Server id error, request serverID:4460e71a-4f46-4b4d-bcd5-be1ce28ecf53
They logged into each box and on the Archiver only boxes they enabled the Server (which is NOT okay).
Sep 24 11:31:22 cs1fxv1 Appliance-UserAudit: [10.x.x.x] User affected a FxV service: Server was Enabled
Sep 24 11:31:28 cs1fxv1 Appliance-UserAudit: [10.x.x.x] User affected a FxV service: server was told to start
1. Make absolutely sure that the FxV Server is stopped and disabled on all Archiver only appliances and that is it never started again.
2. Re-register both Archivers with the "real" FxV Server on 10.152.124.16
3. Test that they are able to communicate between the FxV Server and the 2 Archivers using port 80.
It also appears that their collector group configuration is incorrect.